Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wpcalc — Vulnerabilities & Security Advisories 7

Browse all 7 CVE security advisories affecting wpcalc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPCalc serves as a WordPress calculator plugin enabling mathematical calculations on websites. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues. These vulnerabilities often stem from insufficient input validation and improper permission checks. The plugin's seven recorded CVEs highlight consistent security weaknesses, with some instances allowing attackers to execute arbitrary code or compromise user accounts. While no major public incidents have been widely documented, the pattern of vulnerabilities suggests potential for significant exploitation if left unpatched. Regular updates and careful implementation remain critical for maintaining security when using this plugin.

Top products by wpcalc: Modal Window – create popup modal window WP Coder – Insert & Manage Code Snippets Sticky Buttons – Floating Buttons Builder Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress Popup Box – Easily Create WordPress Popups
CVE IDTitleCVSSSeverityPublished
CVE-2025-12122 Popup Box – Easily Create WordPress Popups <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting — Popup Box – Easily Create WordPress PopupsCWE-78 6.4 Medium2026-02-18
CVE-2024-13901 Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site <= 2.0.6 - Authenticated (Administrator+) DOM-Based Stored Cross-Site Scripting — Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPressCWE-79 4.4 Medium2025-03-01
CVE-2025-0897 Modal Window <= 6.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframeBox Shortcode — Modal Window – create popup modal windowCWE-79 6.4 Medium2025-02-20
CVE-2024-2457 Modal Window – create popup modal window <= 5.3.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode — Modal Window – create popup modal windowCWE-79 6.4 Medium2024-04-09
CVE-2024-0703 Sticky Buttons <= 3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting — Sticky Buttons – Floating Buttons BuilderCWE-79 4.4 Medium2024-01-23
CVE-2023-5161 Modal Window <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Modal Window – create popup modal windowCWE-79 6.4 Medium2023-09-26
CVE-2023-0895 WP Coder – add custom html, css and js code <= 2.5.3 - Authenticated (Admin+) SQL Injection — WP Coder – Insert & Manage Code SnippetsCWE-89 7.2 High2023-02-17

This page lists every published CVE security advisory associated with wpcalc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.