Browse all 9 CVE security advisories affecting kraftplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Kraftplugins develops WordPress plugins primarily for e-commerce and marketing functionality, with 9 CVEs recorded to date. Historically, their plugins have frequently contained stored cross-site scripting (XSS) and remote code execution (RCE) flaws, often caused by insufficient input sanitization and improper file handling. Several critical issues allowed attackers to execute arbitrary code or escalate privileges through insecure direct object references. While no major public security incidents have been documented, their vulnerability history suggests consistent problems with access controls and data validation, so users should track plugin versions closely and apply patches promptly to mitigate risk.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-14478 | Demo Importer Plus <= 2.0.9 - Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload | Demo Importer Plus | CWE-611 | 7.5 | High | 2026-01-17 |
| CVE-2025-14364 | Demo Importer Plus <= 2.0.8 - Missing Authorization to Authenticated (Subscriber+) Site Reset and Privilege Escalation | Demo Importer Plus | CWE-862 | 8.8 | High | 2025-12-18 |
| CVE-2025-13066 | Demo Importer Plus <= 2.0.6 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass | Demo Importer Plus | CWE-434 | 8.8 | High | 2025-12-05 |
| CVE-2024-9172 | Demo Importer Plus <= 2.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | Demo Importer Plus | CWE-79 | 6.4 | Medium | 2024-10-02 |
This page lists every published CVE security advisory associated with kraftplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.