Browse all 3 CVE security advisories affecting pluginsware. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Pluginsware develops third-party extensions that enhance functionality for popular content management systems. Historically, the software has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and improper access controls. While no major public incidents have been widely reported, the three recorded CVEs highlight ongoing security concerns. The extensions typically require elevated system privileges, increasing potential impact if compromised. Security researchers have noted inconsistent security practices across different plugins, with some implementations failing to follow secure coding standards. Users are advised to maintain current versions and carefully evaluate plugin permissions before installation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-68580 | WordPress Advanced Classifieds & Directory Pro plugin <= 3.2.9 - Cross Site Request Forgery (CSRF) vulnerability — Advanced Classifieds & Directory ProCWE-352 | 4.3 | Medium | 2025-12-24 |
| CVE-2024-37501 | WordPress Advanced Classifieds & Directory Pro plugin <= 3.1.3 - Local File Inclusion vulnerability — Advanced Classifieds & Directory ProCWE-22 | 8.5 | High | 2024-07-09 |
| CVE-2024-2222 | Advanced Classifieds & Directory Pro <= 3.0.0 - Missing Authorization to Arbitrary Attachment Deletion — Advanced Classifieds & Directory ProCWE-862 | 4.3 | Medium | 2024-04-09 |
This page lists every published CVE security advisory associated with pluginsware. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.