Browse all 3 CVE security advisories affecting wpWave. AI-powered Chinese analysis, POCs, and references for each vulnerability.
wpWave is a WordPress plugin designed for creating and managing wave-based contact forms and lead generation systems. Historically, the plugin has been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS) attacks, and privilege escalation issues, with three CVEs documented to date. These vulnerabilities often stem from insufficient input validation and improper access controls. While no major public security incidents have been widely reported, the consistent pattern of critical vulnerabilities in the codebase indicates potential risks for unpatched installations. Users are advised to maintain updated versions and implement additional security measures to mitigate potential exploitation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-69098 | WordPress Hide My WP plugin <= 6.2.12 - Reflected Cross Site Scripting (XSS) vulnerability — Hide My WPCWE-79 | 7.1 | High | 2026-01-22 |
| CVE-2021-36916 | WordPress Hide My WP premium plugin <= 6.2.3 - Unauthenticated SQL injection (SQLi) vulnerability — Hide My WP (WordPress plugin)CWE-89 | 8.6 | High | 2021-11-24 |
| CVE-2021-36917 | WordPress Hide My WP premium plugin <= 6.2.3 - Unauthenticated Plugin Deactivation vulnerability — Hide My WP (WordPress plugin)CWE-284 | 6.5 | Medium | 2021-11-24 |
This page lists every published CVE security advisory associated with wpWave. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.