Browse all 4 CVE security advisories affecting pluginever. AI-powered Chinese analysis, POCs, and references for each vulnerability.
PluginEver is a WordPress plugin designed to enhance website functionality through customizable extensions. Historically, it has been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS), and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. With four CVEs recorded, these issues have allowed attackers to execute arbitrary code, manipulate web content, and gain elevated privileges. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities suggests ongoing security challenges that require rigorous input sanitization and permission checks to mitigate potential exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-64263 | WordPress WP Content Pilot plugin <= 2.1.7 - Broken Access Control vulnerability — WP Content PilotCWE-862 | 5.4 | Medium | 2025-11-13 |
| CVE-2025-39364 | WordPress Product Category Slider for WooCommerce plugin <= 4.3.4 - Local File Inclusion vulnerability — Product Category Slider for WooCommerceCWE-98 | 7.5 | High | 2025-05-19 |
| CVE-2023-45053 | WordPress WP Content Pilot plugin <= 1.3.3 - HTML Injection vulnerability — WP Content Pilot – Autoblogging & Affiliate Marketing PluginCWE-80 | 4.3 | Medium | 2024-06-04 |
| CVE-2023-46078 | WordPress Serial Numbers for WooCommerce – License Manager Plugin <= 1.6.3 is vulnerable to Cross Site Request Forgery (CSRF) — WC Serial NumbersCWE-352 | 5.4 | Medium | 2023-10-21 |
This page lists every published CVE security advisory associated with pluginever. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.