Browse all 4 CVE security advisories affecting theluckywp. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Theluckywp is a WordPress plugin primarily used for enhancing website functionality through various features and integrations. Historically, it has been associated with multiple critical vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation issues. These vulnerabilities often stem from insufficient input validation and improper access controls. The plugin has accumulated four CVEs to date, highlighting recurring security concerns in its codebase. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests a need for improved security practices in development and maintenance processes.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-2299 | LuckyWP Table of Contents <= 2.1.10 - Cross-Site Request Forgery to Reflected Cross-Site Scripting | LuckyWP Table of Contents | CWE-79 | 6.1 | Medium | 2025-04-03 |
| CVE-2024-2953 | LuckyWP Table of Contents <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | LuckyWP Table of Contents | CWE-79 | 5.5 | Medium | 2024-05-22 |
| CVE-2023-6487 | LuckyWP Table of Contents <= 2.1.5 - Authenticated (Administrator+) Cross-Site Scripting | LuckyWP Table of Contents | CWE-79 | 4.4 | Medium | 2024-05-22 |
| CVE-2024-2119 | LuckyWP Table of Contents <= 2.1.5 - Reflected Cross-Site Scripting | LuckyWP Table of Contents | CWE-79 | 6.1 | Medium | 2024-05-22 |
This page lists every published CVE security advisory associated with theluckywp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.