Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

stellarwp — Vulnerabilities & Security Advisories 115

Browse all 115 CVE security advisories affecting stellarwp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

StellarWP primarily develops and maintains premium WordPress plugins, including the popular MemberPress platform for membership management and subscription billing. Historically, its software has been associated with a significant volume of Common Vulnerabilities and Exposures, totaling 115 recorded instances. These security issues predominantly involve cross-site scripting (XSS), SQL injection, and arbitrary file upload flaws, often stemming from insufficient input validation and weak access controls within plugin code. While the company generally responds to disclosed vulnerabilities, the high frequency of patches indicates persistent challenges in secure coding practices. Notable incidents include multiple remote code execution (RCE) vectors that allowed attackers to compromise WordPress installations without authentication. The sheer number of CVEs suggests that while the products are widely used, their security posture has frequently lagged behind industry standards, requiring users to prioritize timely updates and rigorous security auditing to mitigate risks associated with these historically common vulnerability classes.

Found 23 results / 115Clear Filters
Top products by stellarwp: GiveWP – Donation Plugin and Fundraising Platform Kadence Blocks — Page Builder Toolkit for Gutenberg Editor The Events Calendar GiveWP Membership Plugin – Restrict Content LearnDash LMS Event Tickets and Registration Gutenberg Blocks by Kadence Blocks WPComplete Kadence WooCommerce Email Designer Event Tickets Bookit — Booking & Appointment Calendar Restrict Content LearnDash LMS – Reports Give – Divi Donation Modules Virtue iThemes Sync Image Widget
CVE IDTitleCVSSSeverityPublished
CVE-2026-2826 Kadence Blocks — Page Builder Toolkit for Gutenberg Editor <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-862 4.3 Medium2026-04-04
CVE-2026-2633 Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-862 4.3 Medium2026-02-18
CVE-2026-1857 Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-918 4.3 Medium2026-02-18
CVE-2026-2608 Gutenberg Blocks by Kadence Blocks <= 3.5.32 - Missing Authorization — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-862 4.3 Medium2026-02-17
CVE-2025-5678 Kadence Blocks – Gutenberg Blocks for Page Builder Features <= 3.5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via `redirectURL` Parameter — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2025-07-09
CVE-2025-1291 Gutenberg Blocks by Kadence Blocks <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'icon' — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2025-03-01
CVE-2024-12304 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.4.2 - Authenticated (contributor+) Stored Cross-Site Scripting via Button Link — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2025-01-11
CVE-2024-12581 Kadence Blocks <= 3.2.53 - Authenticated (Admin+) Stored Cross-Site Scripting — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 4.4 Medium2024-12-13
CVE-2024-10785 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-11-21
CVE-2024-9655 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-11-01
CVE-2024-5819 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.45 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-06-29
CVE-2024-5289 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting in Google Maps Widget — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-06-27
CVE-2024-4863 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-06-14
CVE-2024-4208 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typer Effect — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-05-15
CVE-2024-3189 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 5.4 Medium2024-05-15
CVE-2024-4209 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-05-11
CVE-2024-4481 Gutenberg Blocks with AI by Kadence WP <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Link — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-05-10
CVE-2024-2273 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.34 - Authenticated (Contributor+) Stored Cross-Site Scripting — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-05-02
CVE-2024-1999 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Widget — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-04-09
CVE-2023-6964 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.1.26 - Authenticated(Contributor+) Server-Side Request Forgery (SSRF) — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-918 8.5 High2024-04-09
CVE-2024-0598 Gutenberg Blocks by Kadence Blocks <= 3.2.17 - Authenticated(Editor+) Stored Cross-Site Scripting via Contact Form Message Settings — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 4.4 Medium2024-04-09
CVE-2024-2919 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via CountUp Widget — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-04-04
CVE-2024-1541 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.23 - Authenticated (Contributor+) Stored Cross-Site Scripting — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-03-13

This page lists every published CVE security advisory associated with stellarwp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.