Browse all 4 CVE security advisories affecting solacewp. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SolaceWP is a WordPress plugin designed for creating and managing membership sites with subscription-based content access. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues, often stemming from insufficient input validation and improper access controls. The plugin has accumulated four CVE records to date, with security researchers identifying critical weaknesses that could allow attackers to execute arbitrary code, steal session cookies, or gain elevated administrative privileges. No major public security incidents have been widely reported, though its vulnerability history suggests a pattern of security gaps that have required timely patching by users.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-58203 | WordPress Solace Extra Plugin <= 1.3.2 - Server Side Request Forgery (SSRF) Vulnerability — Solace ExtraCWE-918 | 4.4 | Medium | 2025-08-27 |
| CVE-2025-47464 | WordPress Solace Extra plugin <= 1.3.1 - Server Side Request Forgery (SSRF) Vulnerability — Solace ExtraCWE-918 | 4.9 | Medium | 2025-05-07 |
| CVE-2025-32652 | WordPress Solace Extra plugin <= 1.3.1 - Arbitrary File Upload vulnerability — Solace ExtraCWE-434 | 9.9 | Critical | 2025-04-17 |
This page lists every published CVE security advisory associated with solacewp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.