weDevs — Vulnerabilities & Security Advisories (79)

Browse all 79 CVE security advisories affecting weDevs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

weDevs operates as a prominent WordPress plugin developer, primarily serving the e-commerce and educational sectors through products like WooCommerce and LearnPress. With seventy-seven Common Vulnerabilities and Exposures (CVEs) currently on record, the company’s software has historically been susceptible to critical security flaws, most notably Remote Code Execution (RCE) and Cross-Site Scripting (XSS). These vulnerabilities frequently stemmed from insufficient input validation and improper access controls, allowing attackers to escalate privileges or execute arbitrary code on affected sites. While specific major incidents involving widespread data breaches are not extensively documented in public threat intelligence feeds, the high volume of CVEs indicates persistent challenges in securing codebases against injection attacks. This pattern underscores the risks associated with complex WordPress ecosystems, where plugin vulnerabilities often serve as primary entry points for site compromise, necessitating rigorous security audits and timely patch management for users relying on these tools.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-3100 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | CWE-79 | 6.4 | Medium | 2025-04-09 |
| CVE-2025-32280 | WordPress WP Project Manager plugin < 2.6.25 - Cross Site Request Forgery (CSRF) Vulnerability | WP Project Manager | CWE-352 | 4.3 | Medium | 2025-04-04 |
| CVE-2025-22649 | WordPress WP Project Manager plugin <= 2.6.22 - Cross Site Scripting (XSS) vulnerability | WP Project Manager | CWE-79 | 5.9 | Medium | 2025-03-27 |
| CVE-2025-30896 | WordPress WP ERP plugin <= 1.13.4 - Broken Access Control vulnerability | WP ERP | CWE-862 | 5.4 | Medium | 2025-03-27 |
| CVE-2024-13436 | Appsero Helper <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting | Appsero Helper | CWE-352 | 6.1 | Medium | 2025-03-11 |
| CVE-2024-11582 | Subscribe2 – Form, Email Subscribers & Newsletters <= 10.43 - Unauthenticated Stored Cross-Site Scripting via IP Parameter | Subscribe2 – Form, Email Subscribers & Newsletters | CWE-79 | 7.2 | High | 2025-02-19 |
| CVE-2024-13500 | WP Project Manager <= 2.6.17 - Authenticated (Subscriber+) SQL Injection via orderby Parameter | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | CWE-89 | 6.5 | Medium | 2025-02-15 |
| CVE-2024-13752 | WP Project Manager <= 2.6.17 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | CWE-862 | 6.5 | Medium | 2025-02-15 |
| CVE-2024-12195 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.16 - Authenticated (Subscriber+) SQL Injection | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | CWE-89 | 6.5 | Medium | 2025-01-04 |
| CVE-2023-45765 | WordPress WP ERP plugin <= 1.12.6 - Broken Access Control vulnerability | WP ERP | CWE-862 | 4.3 | Medium | 2025-01-02 |
| CVE-2023-45002 | WordPress WP User Frontend plugin <= 3.6.8 - Broken Access Control vulnerability | WP User Frontend | CWE-862 | 4.3 | Medium | 2025-01-02 |
| CVE-2024-10548 | WP Project Manager <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | CWE-200 | 6.5 | Medium | 2024-12-19 |
| CVE-2023-40003 | WordPress WP Project Manager plugin <= 2.6.7 - Broken Access Control vulnerability | WP Project Manager | CWE-862 | 6.5 | Medium | 2024-12-13 |
| CVE-2024-12015 | SQL Injection in WordPress Project Manager Plugin | WP Project Manager | CWE-89 | 7.7 | High | 2024-12-02 |
| CVE-2024-10520 | WP Project Manager <= 2.6.14 - Missing Authorization to Project Milestone and Task Creation/Deletion | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | CWE-862 | 5.3 | Medium | 2024-11-20 |
| CVE-2024-10174 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.13 - Insecure Direct Object Reference to Unauthenticated Authorization Bypass | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | CWE-639 | 7.3 | High | 2024-11-13 |
| CVE-2024-8739 | ReCaptcha Integration for WordPress <= 1.2.5 - Reflected Cross-Site Scripting | ReCaptcha Integration for WordPress | CWE-79 | 6.1 | Medium | 2024-11-02 |
| CVE-2024-47640 | WordPress WP ERP plugin <= 1.13.2 - Reflected Cross Site Scripting (XSS) vulnerability | WP ERP | CWE-79 | 7.1 | High | 2024-10-29 |
| CVE-2024-38693 | WordPress WP User Frontend plugin <= 4.0.7 - SQL Injection vulnerability | WP User Frontend | CWE-89 | 7.6 | High | 2024-08-29 |
| CVE-2024-43238 | WordPress weMail plugin <= 1.14.5 - Cross Site Scripting (XSS) vulnerability | weMail | CWE-79 | 7.1 | High | 2024-08-18 |
| CVE-2024-37946 | WordPress ReCaptcha Integration for WordPress plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability | ReCaptcha Integration for WordPress | CWE-79 | 5.9 | Medium | 2024-07-20 |
| CVE-2024-6666 | WP ERP <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection via vendor_id | ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support | CWE-89 | 8.8 | High | 2024-07-11 |
| CVE-2024-3922 | Dokan Pro <= 3.10.3 - Unauthenticated SQL Injection | Dokan Pro | CWE-89 | 10.0 | Critical | 2024-06-13 |
| CVE-2024-34822 | WordPress weMail plugin <= 1.14.2 - Broken Access Control vulnerability | weMail | CWE-862 | 5.3 | Medium | 2024-06-11 |
| CVE-2024-34442 | WordPress weDocs plugin <= 2.1.4 - Broken Access Control vulnerability | weDocs | CWE-862 | 5.3 | Medium | 2024-06-11 |
| CVE-2023-52217 | WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability | WooCommerce Conversion Tracking | CWE-862 | 4.3 | Medium | 2024-06-11 |
| CVE-2023-47682 | WordPress WP User Frontend plugin <= 3.6.5 - Authenticated Privilege Escalation vulnerability | WP User Frontend | CWE-269 | 7.2 | High | 2024-05-17 |
| CVE-2024-1173 | WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting <= 1.13.1 - Authenticated (AccountingManager+) SQL Injection | ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support | CWE-89 | 7.2 | High | 2024-05-02 |
| CVE-2024-0952 | WP ERP <= 1.12.9 - Authenticated (Accounting Manager+) SQL Injection via id | ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support | CWE-89 | 7.2 | High | 2024-04-09 |
| CVE-2024-0956 | WP ERP <= 1.13.0 - Authenticated (AccountingManager+) SQL Injection | ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support | CWE-89 | 4.9 | Medium | 2024-03-29 |

This page lists every published CVE security advisory associated with weDevs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.