Browse all 3 CVE security advisories affecting trustyplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Trustyplugins develops WordPress security plugins focused on access control and malware scanning. Historically, their products have been susceptible to multiple remote code execution vulnerabilities, often stemming from insufficient input validation and improper capability checks. Cross-site scripting flaws have also been recurrent, allowing attackers to inject malicious scripts. While no major public security incidents have been documented, the three CVEs on record highlight consistent issues with privilege escalation and unsafe deserialization. Their plugins typically require elevated permissions, increasing potential impact when vulnerabilities exist. Security researchers have noted that while their core functionality addresses common WordPress threats, implementation flaws have repeatedly introduced new attack vectors.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-10871 | Category Ajax Filter <= 2.8.2 - Unauthenticated Local File Inclusion — Category AJAX Filter – Advanced Filter for Posts & Custom Post Types (CWE-98) | 9.8 | Critical | 2024-11-09 |
| CVE-2024-3495 | Country State City Dropdown CF7 <= 2.7.2 - Unauthenticated SQL Injection — Country State City Dropdown CF7 (CWE-89) | 9.8 | Critical | 2024-05-22 |
| CVE-2024-3520 | Country State City Dropdown CF7 <= 2.7.1 - Missing Authorization — Country State City Dropdown CF7 (CWE-862) | 4.3 | Medium | 2024-05-02 |
This page lists every published CVE security advisory associated with trustyplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.