stellarwp — Vulnerabilities & Security Advisories 115

Browse all 115 CVE security advisories affecting stellarwp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

StellarWP primarily develops and maintains premium WordPress plugins, including the popular MemberPress platform for membership management and subscription billing. Historically, its software has been associated with a significant volume of Common Vulnerabilities and Exposures, totaling 115 recorded instances. These security issues predominantly involve cross-site scripting (XSS), SQL injection, and arbitrary file upload flaws, often stemming from insufficient input validation and weak access controls within plugin code. While the company generally responds to disclosed vulnerabilities, the high frequency of patches indicates persistent challenges in secure coding practices. Notable incidents include multiple remote code execution (RCE) vectors that allowed attackers to compromise WordPress installations without authentication. The sheer number of CVEs suggests that while the products are widely used, their security posture has frequently lagged behind industry standards, requiring users to prioritize timely updates and rigorous security auditing to mitigate risks associated with these historically common vulnerability classes.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-31433 | WordPress The Events Calendar plugin <= 6.3.0 - Cross Site Request Forgery (CSRF) vulnerability — The Events Calendar (CWE-352) | 4.3 | Medium | 2024-04-15 |
| CVE-2024-1957 | GiveWP – Donation Plugin and Fundraising Platform <= 3.6.1 -- Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode — GiveWP – Donation Plugin and Fundraising Platform (CWE-79) | 6.4 | Medium | 2024-04-13 |
| CVE-2024-1424 | GiveWP – Donation Plugin and Fundraising Platform <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — GiveWP – Donation Plugin and Fundraising Platform (CWE-79) | 6.4 | Medium | 2024-04-09 |
| CVE-2024-1999 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Widget — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor (CWE-79) | 6.4 | Medium | 2024-04-09 |
| CVE-2023-6964 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.1.26 - Authenticated(Contributor+) Server-Side Request Forgery (SSRF) — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor (CWE-918) | 8.5 | High | 2024-04-09 |
| CVE-2024-0598 | Gutenberg Blocks by Kadence Blocks <= 3.2.17 - Authenticated(Editor+) Stored Cross-Site Scripting via Contact Form Message Settings — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor (CWE-79) | 4.4 | Medium | 2024-04-09 |
| CVE-2024-2261 | Event Tickets and Registration <= 5.8.2 - Improper Authorization to Information Disclosure — Event Tickets and Registration (CWE-639) | 4.3 | Medium | 2024-04-09 |
| CVE-2024-2919 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via CountUp Widget — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor (CWE-79) | 6.4 | Medium | 2024-04-04 |
| CVE-2024-24888 | WordPress Gutenberg Blocks by Kadence Blocks plugin <= 3.2.25 - Server Side Request Forgery (SSRF) vulnerability — Gutenberg Blocks by Kadence Blocks (CWE-918) | 6.4 | Medium | 2024-04-02 |
| CVE-2024-23500 | WordPress Kadence Blocks plugin <= 3.2.19 - Server Side Request Forgery (SSRF) vulnerability — Gutenberg Blocks by Kadence Blocks (CWE-918) | 7.7 | High | 2024-03-28 |
| CVE-2024-30229 | WordPress Give plugin <= 3.4.2 - PHP Object Injection vulnerability — GiveWP (CWE-502) | 8.0 | High | 2024-03-28 |
| CVE-2024-27987 | WordPress Give plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability — GiveWP (CWE-79) | 7.1 | High | 2024-03-15 |
| CVE-2024-1541 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.23 - Authenticated (Contributor+) Stored Cross-Site Scripting — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor (CWE-79) | 6.4 | Medium | 2024-03-13 |
| CVE-2024-1053 | Event Tickets and Registration <= 5.8.1 - Missing Authorization — Event Tickets and Registration (CWE-284) | 4.3 | Medium | 2024-02-22 |
| CVE-2023-6557 | The Events Calendar <= 6.2.8.2 - Unauthenticated Sensitive Information Exposure — The Events Calendar (CWE-862) | 5.3 | Medium | 2024-02-05 |
| CVE-2024-1208 | LearnDash LMS <= 4.10.2 - Sensitive Information Exposure via API — LearnDash LMS (CWE-200) | 5.3 | Medium | 2024-02-05 |
| CVE-2024-1209 | LearnDash LMS <= 4.10.1 - Sensitive Information Exposure via assignments — LearnDash LMS (CWE-200) | 5.3 | Medium | 2024-02-05 |
| CVE-2024-1210 | LearnDash LMS <= 4.10.1 - Sensitive Information Exposure via API — LearnDash LMS (CWE-200) | 5.3 | Medium | 2024-02-05 |
| CVE-2023-4247 | GiveWP <= 2.33.3 - Cross-Site Request Forgery to plugin deactivation — GiveWP – Donation Plugin and Fundraising Platform (CWE-352) | 5.4 | Medium | 2024-01-11 |
| CVE-2023-4246 | GiveWP <= 2.33.3 - Cross-Site Request Forgery to plugin installation — GiveWP – Donation Plugin and Fundraising Platform (CWE-352) | 4.3 | Medium | 2024-01-11 |
| CVE-2023-4248 | GiveWP <= 2.33.3 - Cross-Site Request Forgery to Stripe Integration Deletion — GiveWP – Donation Plugin and Fundraising Platform (CWE-352) | 5.4 | Medium | 2024-01-11 |
| CVE-2023-47668 | WordPress Restrict Content Plugin <= 3.2.7 is vulnerable to Sensitive Data Exposure — Membership Plugin – Restrict Content (CWE-200) | 5.3 | Medium | 2023-11-23 |
| CVE-2023-3105 | LearnDash LMS <= 4.6.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change — LearnDash LMS (CWE-639) | 8.8 | High | 2023-07-12 |
| CVE-2023-2834 | BookIt <= 2.3.7 - Authentication Bypass — Bookit — Booking & Appointment Calendar (CWE-288) | 9.8 | Critical | 2023-06-30 |
| CVE-2022-2117 | GiveWP – Donation Plugin and Fundraising Platform <= 2.20.2 - Sensitive Information Disclosure — GiveWP – Donation Plugin and Fundraising Platform (CWE-200) | 5.3 | Medium | 2022-07-18 |

This page lists every published CVE security advisory associated with stellarwp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.