wedevs — Vulnerabilities & Security Advisories 79

Browse all 79 CVE security advisories affecting wedevs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

weDevs operates as a prominent WordPress plugin developer, primarily serving the e-commerce and educational sectors through products like WooCommerce and LearnPress. With seventy-seven Common Vulnerabilities and Exposures (CVEs) currently on record, the company’s software has historically been susceptible to critical security flaws, most notably Remote Code Execution (RCE) and Cross-Site Scripting (XSS). These vulnerabilities frequently stemmed from insufficient input validation and improper access controls, allowing attackers to escalate privileges or execute arbitrary code on affected sites. While specific major incidents involving widespread data breaches are not extensively documented in public threat intelligence feeds, the high volume of CVEs indicates persistent challenges in securing codebases against injection attacks. This pattern underscores the risks associated with complex WordPress ecosystems, where plugin vulnerabilities often serve as primary entry points for site compromise, necessitating rigorous security audits and timely patch management for users relying on these tools.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-5127 | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.1 - Authenticated (Subscriber+) PHP Object Injection — User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration (CWE-502) | 8.8 | High | 2026-05-08 |
| CVE-2026-25468 | WordPress Happy Addons for Elementor plugin <= 3.20.8 - Sensitive Data Exposure vulnerability — Happy Addons for Elementor (CWE-497) | 5.3 | Medium | 2026-05-07 |
| CVE-2026-42412 | WordPress WP User Frontend plugin <= 4.3.1 - Broken Access Control vulnerability — WP User Frontend (CWE-862) | 6.5 | Medium | 2026-04-29 |
| CVE-2026-39520 | WordPress weDocs plugin <= 2.1.18 - Broken Access Control vulnerability — weDocs (CWE-862) | 5.3 | Medium | 2026-04-08 |
| CVE-2026-32485 | WordPress WP User Frontend plugin <= 4.2.8 - Broken Access Control vulnerability — WP User Frontend (CWE-862) | 7.5 | High | 2026-03-25 |
| CVE-2026-24364 | WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability — WP User Frontend (CWE-862) | 6.5 | Medium | 2026-03-25 |
| CVE-2026-2233 | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter — User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration (CWE-862) | 5.3 | Medium | 2026-03-15 |
| CVE-2026-31917 | WordPress WP ERP plugin <= 1.16.10 - SQL Injection vulnerability — WP ERP (CWE-89) | 8.5 | High | 2026-03-13 |
| CVE-2026-1565 | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Authenticated (Author+) Arbitrary File Upload — User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration (CWE-434) | 8.8 | High | 2026-02-26 |
| CVE-2025-14339 | weMail <= 2.0.7 - Missing Authorization to Unauthenticated Form Deletion — weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce (CWE-862) | 6.5 | Medium | 2026-02-21 |
| CVE-2026-24944 | WordPress Subscribe2 plugin <= 10.44 - Broken Access Control vulnerability — Subscribe2 (CWE-862) | 6.5 | Medium | 2026-02-20 |
| CVE-2025-13921 | weDocs <= 2.1.16 - Missing Authorization to Authenticated (Subscriber+) Documentation Post Update — weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot (CWE-862) | 4.3 | Medium | 2026-01-23 |
| CVE-2025-14348 | weMail <= 2.0.7 - Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure — weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce (CWE-285) | 5.3 | Medium | 2026-01-20 |
| CVE-2025-14574 | weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot <= 2.1.15 - Unauthenticated Sensitive Information Exposure — weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot (CWE-200) | 5.3 | Medium | 2026-01-09 |
| CVE-2025-14047 | WP User Frontend <= 4.2.4 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion — User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration (CWE-862) | 5.3 | Medium | 2026-01-02 |
| CVE-2025-68040 | WordPress WP Project Manager plugin <= 3.0.1 - Sensitive Data Exposure vulnerability — WP Project Manager (CWE-201) | 6.5 | Medium | 2025-12-29 |
| CVE-2025-67546 | WordPress WP ERP plugin <= 1.16.6 - Sensitive Data Exposure vulnerability — WP ERP (CWE-497) | 6.5 | Medium | 2025-12-18 |
| CVE-2025-12809 | dokan pro <= 4.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure — Dokan Pro (CWE-862) | 5.3 | Medium | 2025-12-16 |
| CVE-2025-63008 | WordPress WP ERP plugin <= 1.16.7 - Broken Access Control vulnerability — WP ERP (CWE-862) | 5.3 | Medium | 2025-12-09 |
| CVE-2025-12505 | weDocs <= 2.1.14 - Missing Authorization to Settings Update — weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot (CWE-285) | 5.4 | Medium | 2025-12-06 |
| CVE-2025-8994 | WP Project Manager <= 2.6.26 - Authenticated (Subscriber+) SQL Injection via 'completed_at_operator' — Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker (CWE-89) | 6.5 | Medium | 2025-11-15 |
| CVE-2025-58269 | WordPress WP Project Manager Plugin <= 2.6.25 - Sensitive Data Exposure Vulnerability — WP Project Manager (CWE-798) | 5.3 | Medium | 2025-09-22 |
| CVE-2025-58672 | WordPress WP User Frontend Plugin <= 4.1.12 - Broken Access Control Vulnerability — WP User Frontend (CWE-862) | 5.4 | Medium | 2025-09-22 |
| CVE-2025-58673 | WordPress WP User Frontend Plugin <= 4.1.12 - Content Injection Vulnerability — WP User Frontend (CWE-94) | 5.4 | Medium | 2025-09-22 |
| CVE-2025-5931 | Dokan Pro <= 4.0.5 - Authenticated (Vendor+) Privilege Escalation — Dokan Pro (CWE-269) | 8.8 | High | 2025-08-26 |
| CVE-2025-3055 | WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Deletion — WP User Frontend Pro (CWE-22) | 8.1 | High | 2025-06-05 |
| CVE-2025-3054 | WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Upload — WP User Frontend Pro (CWE-434) | 8.8 | High | 2025-06-05 |
| CVE-2025-47540 | WordPress weMail plugin <= 1.14.13 - Sensitive Data Exposure Vulnerability — weMail (CWE-497) | 5.3 | Medium | 2025-05-07 |
| CVE-2025-39377 | WordPress Appsero Helper plugin <= 1.3.4 - SQL Injection vulnerability — Appsero Helper (CWE-89) | 8.5 | High | 2025-04-24 |
| CVE-2025-2541 | WP Project Manager <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker (CWE-79) | 6.4 | Medium | 2025-04-11 |

This page lists every published CVE security advisory associated with wedevs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.