
weDevs — Vulnerabilities & Security Advisories 79

Browse all 79 CVE security advisories affecting weDevs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

weDevs operates as a prominent WordPress plugin developer, primarily serving the e-commerce and educational sectors through products like WooCommerce and LearnPress. With seventy-seven Common Vulnerabilities and Exposures (CVEs) currently on record, the company’s software has historically been susceptible to critical security flaws, most notably Remote Code Execution (RCE) and Cross-Site Scripting (XSS). These vulnerabilities frequently stemmed from insufficient input validation and improper access controls, allowing attackers to escalate privileges or execute arbitrary code on affected sites. While specific major incidents involving widespread data breaches are not extensively documented in public threat intelligence feeds, the high volume of CVEs indicates persistent challenges in securing codebases against injection attacks. This pattern underscores the risks associated with complex WordPress ecosystems, where plugin vulnerabilities often serve as primary entry points for site compromise, necessitating rigorous security audits and timely patch management for users relying on these tools.

Found 11 results / 79

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-8994 | WP Project Manager <= 2.6.26 - Authenticated (Subscriber+) SQL Injection via 'completed_at_operator' | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | CWE-89 | 6.5 | Medium | 2025-11-15 |
| CVE-2025-2541 | WP Project Manager <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | CWE-79 | 6.4 | Medium | 2025-04-11 |
| CVE-2025-3100 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | CWE-79 | 6.4 | Medium | 2025-04-09 |
| CVE-2024-13500 | WP Project Manager <= 2.6.17 - Authenticated (Subscriber+) SQL Injection via orderby Parameter | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | CWE-89 | 6.5 | Medium | 2025-02-15 |
| CVE-2024-13752 | WP Project Manager <= 2.6.17 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | CWE-862 | 6.5 | Medium | 2025-02-15 |
| CVE-2024-12195 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.16 - Authenticated (Subscriber+) SQL Injection | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | CWE-89 | 6.5 | Medium | 2025-01-04 |
| CVE-2024-10548 | WP Project Manager <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | CWE-200 | 6.5 | Medium | 2024-12-19 |
| CVE-2024-10520 | WP Project Manager <= 2.6.14 - Missing Authorization to Project Milestone and Task Creation/Deletion | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | CWE-862 | 5.3 | Medium | 2024-11-20 |
| CVE-2024-10174 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.13 - Insecure Direct Object Reference to Unauthenticated Authorization Bypass | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | CWE-639 | 7.3 | High | 2024-11-13 |
| CVE-2023-3636 | WP Project Manager <= 2.6.4 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | CWE-269 | 8.8 | High | 2023-08-31 |
| CVE-2020-36745 | WP Project Manager <= 2.4.0 - Cross-Site Request Forgery Bypass | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | CWE-352 | 4.3 | Medium | 2023-07-01 |

This page lists every published CVE security advisory associated with weDevs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.