weDevs 厂商漏洞列表 / CVE 中文分析 79

weDevs 厂商相关 79 条 CVE 漏洞，含 AI 中文分析、POC、CVSS 评分与受影响产品。

weDevs 是一家专注于 WordPress 生态的开发商，核心产品涵盖 WooCommerce 插件及教育管理系统。其软件历史上频繁出现远程代码执行、跨站脚本及越权访问等高危漏洞，累计收录 77 条 CVE。安全团队需重点关注其插件更新机制，因部分漏洞源于输入验证缺失。建议用户及时升级至最新稳定版，并严格遵循最小权限原则部署，以降低潜在攻击面。

上位製品 weDevs: Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support WP User Frontend WP ERP WP Project Manager User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration Happy Addons for Elementor Dokan Pro weMail weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot Subscribe2 – Form, Email Subscribers & Newsletters weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WooCommerce Conversion Tracking Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy weDocs ReCaptcha Integration for WordPress Appsero Helper WP User Frontend Pro Subscribe2 Happy Addons for Elementor Pro WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts WP Project Manager (WordPress plugin)

CVEs 79

CVE ID	タイトル	CVSS	深刻度	公開日
CVE-2024-0609	WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting <= 1.13.1 - Unauthenticated Stored Cross-Site Scripting — ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM SupportCWE-79	7.2	High	2024-03-29
CVE-2024-0608	WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting <= 1.13.1 - Authenticated (Subscriber+) SQL Injection — ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM SupportCWE-89	6.5	Medium	2024-03-29
CVE-2024-0913	WP ERP <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection — ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM SupportCWE-89	7.2	High	2024-03-29
CVE-2024-24711	WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability — WooCommerce Conversion TrackingCWE-862	4.3	Medium	2024-03-26
CVE-2023-6632	Happy Addons for Elementor <= 3.9.1.1 - Reflected Cross-Site Scripting — Happy Addons for Elementor ProCWE-79	6.1	Medium	2024-01-11
CVE-2024-21747	WordPress WP ERP Plugin <= 1.12.8 is vulnerable to SQL Injection — WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & AccountingCWE-89	7.6	High	2024-01-08
CVE-2023-26525	WordPress Dokan Plugin <= 3.7.12 is vulnerable to SQL Injection — Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, EtsyCWE-89	7.1	High	2023-12-20
CVE-2023-34382	WordPress Dokan Plugin <= 3.7.19 is vulnerable to PHP Object Injection — Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, EtsyCWE-502	4.4	Medium	2023-12-19
CVE-2023-49860	WordPress WP Project Manager Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS) — WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt chartsCWE-79	6.5	Medium	2023-12-14
CVE-2023-34383	WordPress WP Project Manager Plugin <= 2.6.0 is vulnerable to SQL Injection — WP Project ManagerCWE-89	8.5	High	2023-11-03
CVE-2023-3636	WP Project Manager <= 2.6.4 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation — Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time TrackerCWE-269	8.8	High	2023-08-31
CVE-2023-34008	WordPress WP ERP Plugin <= 1.12.3 is vulnerable to Cross Site Scripting (XSS) — WP ERPCWE-79	7.1	High	2023-08-30
CVE-2023-28989	WordPress Happy Addons for Elementor Plugin <= 3.8.2 is vulnerable to Cross Site Request Forgery (CSRF) — Happy Addons for ElementorCWE-352	4.3	Medium	2023-07-10
CVE-2020-36745	WP Project Manager <= 2.4.0 - Cross-Site Request Forgery Bypass — Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time TrackerCWE-352	4.3	Medium	2023-07-01
CVE-2020-36735	WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting <= 1.6.3 - Cross-Site Request Forgery Bypass — ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM SupportCWE-352	4.3	Medium	2023-07-01
CVE-2023-1844	Subscribe2 <= 10.40 - Missing Authorization — Subscribe2 – Form, Email Subscribers & NewslettersCWE-862	4.3	Medium	2023-06-28
CVE-2023-3407	Subscribe2 <= 10.40 - Cross-Site Request Forgery — Subscribe2 – Form, Email Subscribers & NewslettersCWE-352	4.3	Medium	2023-06-28
CVE-2021-36826	WordPress WP Project Manager plugin <= 2.4.13 - Stored Cross-Site Scripting (XSS) vulnerability — WP Project Manager (WordPress plugin)CWE-79	5.4	Medium	2022-04-04
CVE-2021-24292	Happy Addons for Elementor Free < 2.24.0 and Pro < 1.17.0 - Contributor+ Stored XSS — Happy Addons for ElementorCWE-79	5.4	-	2021-05-17

本页汇总了 weDevs 厂商截至目前公开的全部 79 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接，并附带 AI 生成的中文分析以便快速判断风险。

目標達成 すべての支援者に感謝 — 100%達成しました！

weDevs 厂商漏洞列表 / CVE 中文分析 79

目標達成すべての支援者に感謝 — 100%達成しました！