Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

roninwp — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting roninwp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

RoninWP develops WordPress security plugins focused on protecting websites from common web vulnerabilities. Historically, the plugin has been associated with multiple security issues, including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities. With 11 CVEs recorded, these flaws often stem from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests ongoing challenges in secure development practices. The plugin's core use case remains WordPress hardening, though its security track record indicates users should implement additional layers of protection and maintain regular updates to mitigate potential risks.

Top products by roninwp: FAT Services Booking FAT Event Lite Revy FAT Cooming Soon
CVE IDTitleCVSSSeverityPublished
CVE-2025-32924 WordPress Revy plugin <= 2.1 - SQL Injection vulnerability — RevyCWE-89 8.5 High2025-05-19
CVE-2025-39355 WordPress FAT Services Booking plugin <= 5.6 - SQL Injection vulnerability — FAT Services BookingCWE-89 8.5 High2025-05-19
CVE-2025-47693 WordPress Fat Services Booking plugin <= 5.5 - Local File Inclusion vulnerability — FAT Services BookingCWE-98 7.5 High2025-05-16
CVE-2025-32663 WordPress FAT Cooming Soon plugin <= 1.1 - Local File Inclusion vulnerability — FAT Cooming SoonCWE-98 8.1 High2025-04-11
CVE-2025-22718 WordPress FAT Event Lite plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability — FAT Event LiteCWE-79 6.5 Medium2025-01-21
CVE-2025-23915 WordPress FAT Event Lite plugin <= 1.1 - Authenticated Non-Arbitrary Local File Inclusion vulnerability — FAT Event LiteCWE-98 7.5 High2025-01-16
CVE-2025-22508 WordPress FAT Event Lite plugin <= 1.1 - Unauthenticated Non-Arbitrary Local File Inclusion vulnerability — FAT Event LiteCWE-98 8.1 High2025-01-09
CVE-2024-54220 WordPress FAT Services Booking plugin <= 5.6 - Subscriber+ Site-Wide Cross Site Scripting (XSS) vulnerability — FAT Services BookingCWE-79 7.1 High2024-12-09
CVE-2024-54215 WordPress Revy plugin <= 1.18 - Unauthenticated SQL Injection vulnerability — RevyCWE-89 9.3 Critical2024-12-09
CVE-2024-54214 WordPress Revy plugin <= 1.18 - Unauthenticated Arbitrary File Upload vulnerability — RevyCWE-434 10.0 Critical2024-12-06
CVE-2024-54221 WordPress FAT Services Booking plugin <= 5.6 - Unauthenticated SQL Injection vulnerability — FAT Services BookingCWE-89 9.3 Critical2024-12-04

This page lists every published CVE security advisory associated with roninwp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.