Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

loopus — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting loopus. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Loopus is a web application framework primarily used for building dynamic web applications and APIs. Historically, it has been associated with multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its 14 recorded CVEs. The framework's security posture has been challenged by its extensive attack surface, particularly in user input validation and session management. Notable incidents include several high-severity RCE vulnerabilities that allowed attackers to execute arbitrary code on affected servers, often through insufficient sanitization of user-provided data. These vulnerabilities have consistently highlighted the need for rigorous input validation and secure coding practices when developing with Loopus.

Top products by loopus: WP Cost Estimation & Payment Forms Builder WP Attractive Donations System - Easy Stripe & Paypal donations WP Virtual Assistant WP Visitors Tracker WP Ultimate Tours Builder WP Attractive Donations System
CVE IDTitleCVSSSeverityPublished
CVE-2026-24363 WordPress WP Cost Estimation & Payment Forms Builder plugin < 10.3.0 - Broken Access Control vulnerability — WP Cost Estimation & Payment Forms BuilderCWE-862 7.5 High2026-03-25
CVE-2026-28115 WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - SQL Injection vulnerability — WP Attractive Donations System - Easy Stripe & Paypal donationsCWE-89 9.3 Critical2026-03-05
CVE-2025-22715 WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - Arbitrary Content Deletion vulnerability — WP Attractive Donations System - Easy Stripe & Paypal donationsCWE-862 7.5 High2026-01-08
CVE-2025-22725 WordPress WP Virtual Assistant plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability — WP Virtual AssistantCWE-79 7.1 High2026-01-08
CVE-2019-25296 WP Cost Estimation <= 9.642 - Missing Authorization to Arbitrary File Upload/Delete — WP Cost Estimation & Payment Forms BuilderCWE-434 9.8 Critical2026-01-08
CVE-2019-25295 WP Cost Estimation < 9.660 - Upload Directory Traversal — WP Cost Estimation & Payment Forms BuilderCWE-22 6.5 Medium2026-01-08
CVE-2025-58999 WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - Cross Site Request Forgery (CSRF) vulnerability — WP Attractive Donations System - Easy Stripe & Paypal donationsCWE-352 4.3 Medium2025-12-16
CVE-2025-60155 WordPress WP Virtual Assistant Plugin <= 3.0 - Broken Access Control Vulnerability — WP Virtual AssistantCWE-862 5.3 Medium2025-09-26
CVE-2025-58956 WordPress WP Attractive Donations System Plugin < 1.29 - Cross Site Request Forgery (CSRF) Vulnerability — WP Attractive Donations SystemCWE-352 7.1 High2025-09-22
CVE-2025-31921 WordPress WP Ultimate Tours Builder plugin <= 1.055 - Cross Site Request Forgery (CSRF) Vulnerability — WP Ultimate Tours BuilderCWE-352 4.3 Medium2025-05-16
CVE-2024-35737 WordPress WP Visitors Tracker plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability — WP Visitors TrackerCWE-79 7.1 High2024-06-08
CVE-2024-32510 WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.75 - Reflected Cross Site Scripting (XSS) vulnerability — WP Cost Estimation & Payment Forms BuilderCWE-79 7.1 High2024-04-17
CVE-2024-32509 WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.76 - Broken Access Control vulnerability — WP Cost Estimation & Payment Forms BuilderCWE-862 6.5 Medium2024-04-17
CVE-2024-30489 WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.75 - SQL Injection vulnerability — WP Cost Estimation & Payment Forms BuilderCWE-89 8.5 High2024-03-31

This page lists every published CVE security advisory associated with loopus. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.