Browse all 6 CVE security advisories affecting wp.insider. AI-powered Chinese analysis, POCs, and references for each vulnerability.
wp.insider is a WordPress security research platform focused on identifying and documenting vulnerabilities in WordPress plugins and themes. Historically, the platform has reported multiple critical vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. With six CVEs currently on record, wp.insider maintains a reputation for thorough vulnerability disclosure. The platform emphasizes responsible reporting practices, working with vendors to ensure patches are deployed before public disclosure. While no major security incidents have been directly attributed to wp.insider, its findings have consistently highlighted significant security weaknesses in widely used WordPress extensions, contributing to improved security practices within the WordPress ecosystem.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-24660 | WordPress Simple Membership Custom Messages Plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability — Simple Membership Custom MessagesCWE-79 | 7.1 | High | 2025-02-03 |
This page lists every published CVE security advisory associated with wp.insider. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.