Browse all 21 CVE security advisories affecting wickedplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Wickedplugins operates as a software vendor specializing in WordPress plugins, primarily targeting e-commerce and digital marketing functionalities. Security audits have identified twenty-one distinct Common Vulnerabilities and Exposures (CVEs) associated with its product suite, indicating a persistent pattern of insecure coding practices. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and Privilege Escalation, often stemming from insufficient input validation and improper access controls. These flaws frequently allow unauthenticated attackers to execute arbitrary commands or steal session data. While specific major incidents involving widespread data breaches are not extensively documented in public threat intelligence feeds, the high volume of disclosed CVEs suggests a reactive rather than proactive security posture. Developers relying on these tools face significant risk, necessitating rigorous third-party code reviews and immediate patching upon vendor release to mitigate exploitation potential.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1883 | Wicked Folders <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion — Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post TypesCWE-639 | 4.3 | Medium | 2026-03-15 |
| CVE-2023-0729 | Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_sort_order — Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post TypesCWE-352 | 5.4 | Medium | 2023-06-09 |
| CVE-2023-0726 | Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_edit_folder — Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post TypesCWE-352 | 5.4 | Medium | 2023-02-08 |
| CVE-2023-0722 | Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_state — Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post TypesCWE-352 | 5.4 | Medium | 2023-02-08 |
| CVE-2023-0684 | Wicked Folders <= 2.18.16 - Missing Authorization via ajax_unassign_folders — Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post TypesCWE-862 | 5.4 | Medium | 2023-02-08 |
| CVE-2023-0715 | Wicked Folders <= 2.18.16 - Missing Authorization on ajax_clone_folder — Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post TypesCWE-862 | 5.4 | Medium | 2023-02-08 |
| CVE-2023-0711 | Wicked Folders <= 2.18.16 - Missing Authorization via ajax_save_state — Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post TypesCWE-862 | 5.4 | Medium | 2023-02-08 |
| CVE-2023-0717 | Wicked Folders <= 2.18.16 - Missing Authorization via ajax_delete_folder — Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post TypesCWE-862 | 5.4 | Medium | 2023-02-08 |
| CVE-2023-0725 | Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_clone_folder — Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post TypesCWE-352 | 5.4 | Medium | 2023-02-08 |
| CVE-2023-0724 | Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_add_folder — Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post TypesCWE-352 | 5.4 | Medium | 2023-02-08 |
| CVE-2023-0685 | Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_unassign_folders — Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post TypesCWE-352 | 5.4 | Medium | 2023-02-08 |
| CVE-2023-0720 | Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder_order — Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post TypesCWE-862 | 5.4 | Medium | 2023-02-08 |
| CVE-2023-0716 | Wicked Folders <= 2.18.16 - Missing Authorization on ajax_edit_folder — Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post TypesCWE-862 | 5.4 | Medium | 2023-02-08 |
| CVE-2023-0718 | Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder — Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post TypesCWE-862 | 5.4 | Medium | 2023-02-07 |
| CVE-2023-0723 | Wicked Folders <= 2.18.16 - Cross-Site Request Forgery on ajax_move_object — Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post TypesCWE-352 | 5.4 | Medium | 2023-02-07 |
| CVE-2023-0712 | Wicked Folders <= 2.18.16 - Missing Authorization on ajax_move_object — Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post TypesCWE-862 | 5.4 | Medium | 2023-02-07 |
| CVE-2023-0719 | Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_sort_order — Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post TypesCWE-862 | 5.4 | Medium | 2023-02-07 |
| CVE-2023-0730 | Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_folder_order — Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post TypesCWE-352 | 5.4 | Medium | 2023-02-07 |
| CVE-2023-0727 | Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_delete_folder — Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post TypesCWE-352 | 5.4 | Medium | 2023-02-07 |
| CVE-2023-0713 | Wicked Folders <= 2.18.16 - Missing Authorization on ajax_add_folder — Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post TypesCWE-862 | 5.4 | Medium | 2023-02-07 |
| CVE-2023-0728 | Wicked Folders <= 2.18.16 - Cross-Site Request Forgery on ajax_save_folder — Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post TypesCWE-352 | 5.4 | Medium | 2023-02-07 |
This page lists every published CVE security advisory associated with wickedplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.