
stellarwp — Vulnerabilities & Security Advisories 115

Browse all 115 CVE security advisories affecting stellarwp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

StellarWP primarily develops and maintains premium WordPress plugins, including the popular MemberPress platform for membership management and subscription billing. Historically, its software has been associated with a significant volume of Common Vulnerabilities and Exposures, totaling 115 recorded instances. These security issues predominantly involve cross-site scripting (XSS), SQL injection, and arbitrary file upload flaws, often stemming from insufficient input validation and weak access controls within plugin code. While the company generally responds to disclosed vulnerabilities, the high frequency of patches indicates persistent challenges in secure coding practices. Notable incidents include multiple remote code execution (RCE) vectors that allowed attackers to compromise WordPress installations without authentication. The sheer number of CVEs suggests that while the products are widely used, their security posture has frequently lagged behind industry standards, requiring users to prioritize timely updates and rigorous security auditing to mitigate risks associated with these historically common vulnerability classes.

| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-37518 | WordPress The Events Calendar plugin <= 6.5.1.4 - Cross Site Request Forgery (CSRF) vulnerability — The Events Calendar | CWE-352 | 4.3 | Medium | 2025-01-02 |
| CVE-2023-47183 | WordPress GiveWP plugin <= 2.33.1 - Broken Access Control vulnerability — GiveWP | CWE-862 | 5.3 | Medium | 2025-01-02 |
| CVE-2024-12581 | Kadence Blocks <= 3.2.53 - Authenticated (Admin+) Stored Cross-Site Scripting — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | CWE-79 | 4.4 | Medium | 2024-12-13 |
| CVE-2024-10785 | Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | CWE-79 | 6.4 | Medium | 2024-11-21 |
| CVE-2024-9655 | Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | CWE-79 | 6.4 | Medium | 2024-11-01 |
| CVE-2024-9634 | GiveWP – Donation Plugin and Fundraising Platform <= 3.16.3 - Unauthenticated PHP Object Injection to Remote Code Execution — GiveWP – Donation Plugin and Fundraising Platform | CWE-502 | 9.8 | Critical | 2024-10-16 |
| CVE-2024-8353 | GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection — GiveWP – Donation Plugin and Fundraising Platform | CWE-502 | 9.8 | Critical | 2024-09-28 |
| CVE-2024-6931 | The Events Calendar <= 6.6.3 - Unauthenticated Stored Cross-Site Scripting — The Events Calendar | CWE-79 | 7.2 | High | 2024-09-27 |
| CVE-2024-9130 | GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Authenticated (GiveWP Manager+) SQL Injection via order Parameter — GiveWP – Donation Plugin and Fundraising Platform | CWE-89 | 7.2 | High | 2024-09-27 |
| CVE-2024-47315 | WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 3.15.1 - Cross Site Request Forgery (CSRF) vulnerability — GiveWP | CWE-352 | 5.4 | Medium | 2024-09-25 |
| CVE-2024-8275 | The Events Calendar <= 6.6.4 - Unauthenticated SQL Injection — The Events Calendar | CWE-89 | 9.8 | Critical | 2024-09-25 |
| CVE-2024-6551 | GiveWP <= 3.15.1 - Unauthenticated Full Path Disclosure — GiveWP – Donation Plugin and Fundraising Platform | CWE-200 | 5.3 | Medium | 2024-08-29 |
| CVE-2024-5940 | GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Unauthenticated Event Settings Update — GiveWP – Donation Plugin and Fundraising Platform | CWE-862 | 6.5 | Medium | 2024-08-20 |
| CVE-2024-5939 | GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Limited Information Exposure — GiveWP – Donation Plugin and Fundraising Platform | CWE-862 | 5.3 | Medium | 2024-08-20 |
| CVE-2024-5932 | GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution — GiveWP – Donation Plugin and Fundraising Platform | CWE-502 | 10.0 | Critical | 2024-08-20 |
| CVE-2024-5941 | GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Missing Authorization to Authenticated (Subscriber+) Limited File Deletion — GiveWP – Donation Plugin and Fundraising Platform | CWE-862 | 5.4 | Medium | 2024-08-20 |
| CVE-2024-5977 | GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Insecure Direct Object Reference to Authenticated (GiveWP Worker+) Arbitrary Post Actions — GiveWP – Donation Plugin and Fundraising Platform | CWE-639 | 5.4 | Medium | 2024-07-19 |
| CVE-2024-5648 | LearnDash LMS - Reports Free <= 1.8.2.1 - Missing Authorization to Plugin Settings Update — LearnDash LMS – Reports | CWE-862 | 5.4 | Medium | 2024-07-09 |
| CVE-2024-5819 | Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.45 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | CWE-79 | 6.4 | Medium | 2024-06-29 |
| CVE-2024-5289 | Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting in Google Maps Widget — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | CWE-79 | 6.4 | Medium | 2024-06-27 |
| CVE-2024-4863 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | CWE-79 | 6.4 | Medium | 2024-06-14 |
| CVE-2024-35679 | WordPress GiveWP plugin <= 3.12.0 - Reflected Cross Site Scripting (XSS) vulnerability — GiveWP | CWE-79 | 7.1 | High | 2024-06-08 |
| CVE-2024-3714 | GiveWP – Donation Plugin and Fundraising Platform <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — GiveWP – Donation Plugin and Fundraising Platform | CWE-79 | 6.4 | Medium | 2024-05-18 |
| CVE-2024-4208 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typer Effect — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | CWE-79 | 6.4 | Medium | 2024-05-15 |
| CVE-2024-3189 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | CWE-79 | 5.4 | Medium | 2024-05-15 |
| CVE-2024-4209 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | CWE-79 | 6.4 | Medium | 2024-05-11 |
| CVE-2024-4481 | Gutenberg Blocks with AI by Kadence WP <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Link — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | CWE-79 | 6.4 | Medium | 2024-05-10 |
| CVE-2024-2273 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.34 - Authenticated (Contributor+) Stored Cross-Site Scripting — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | CWE-79 | 6.4 | Medium | 2024-05-02 |
| CVE-2024-4034 | Virtue <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Author — Virtue | CWE-79 | 6.4 | Medium | 2024-05-02 |
| CVE-2024-31432 | WordPress Restrict Content plugin <= 3.2.8 - Broken Access Control vulnerability — Restrict Content | CWE-862 | 5.3 | Medium | 2024-04-15 |

This page lists every published CVE security advisory associated with stellarwp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.