Browse all 3 CVE security advisories affecting wordpresteem. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Wordpresteem is a WordPress plugin designed to enhance user engagement through gamification and reputation systems. Historically, it has been susceptible to multiple vulnerability classes, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, with three CVEs currently documented. The plugin's security posture has been compromised due to insufficient input validation and improper access controls, allowing attackers to execute arbitrary code, inject malicious scripts, or gain elevated privileges. While no major public incidents have been widely reported, the consistent pattern of vulnerabilities in its codebase highlights ongoing security concerns that require immediate remediation and regular security audits to prevent potential compromises.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-13460 | WE – Testimonial Slider <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — WE – Testimonial SliderCWE-79 | 6.4 | Medium | 2025-01-30 |
| CVE-2025-22529 | WordPress WE Blocks <= 1.3.5 - Cross Site Scripting (XSS) vulnerability — WE BlocksCWE-79 | 6.5 | Medium | 2025-01-07 |
| CVE-2024-51821 | WordPress WE – Client Logo Carousel plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability — WE – Client Logo CarouselCWE-79 | 6.5 | Medium | 2024-11-19 |
This page lists every published CVE security advisory associated with wordpresteem. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.