Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wpclever — Vulnerabilities & Security Advisories 29

Browse all 29 CVE security advisories affecting wpclever. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPClever specializes in developing WordPress plugins and themes, primarily targeting small business owners and developers seeking affordable website solutions. The company’s portfolio has been associated with twenty-nine recorded Common Vulnerabilities and Exposures (CVEs), reflecting significant security oversight in its development lifecycle. Historically, these vulnerabilities predominantly involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and improper sanitization of user-supplied data. Notable incidents include the exploitation of backdoor mechanisms in popular plugins like WP File Manager, which allowed attackers to gain unauthorized administrative access and deploy malicious scripts across thousands of sites. These breaches highlight systemic weaknesses in code review processes and dependency management. The recurring nature of these critical flaws suggests a pattern of neglecting fundamental security best practices, leaving numerous installations exposed to widespread compromise and data theft without adequate patching or monitoring mechanisms.

Top products by wpclever: WPC Smart Wishlist for WooCommerce WPC Smart Messages for WooCommerce WPC Smart Quick View for WooCommerce WPC Product Bundles for WooCommerce WPC Smart Compare for WooCommerce WPC Shop as a Customer for WooCommerce WPC Frequently Bought Together for WooCommerce WPC Badge Management for WooCommerce WPC Composite Products for WooCommerce WPC Order Notes for WooCommerce WPC Smart Upsell Funnel for WooCommerce WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce WPC Admin Columns WPC Grouped Product for WooCommerce WPC Countdown Timer for WooCommerce WPC Name Your Price for WooCommerce WPC Product Options for WooCommerce
CVE IDTitleCVSSSeverityPublished
CVE-2026-6725 WPC Smart Messages for WooCommerce <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute — WPC Smart Messages for WooCommerceCWE-79 6.4 Medium2026-04-28
CVE-2026-32407 WordPress WPC Smart Wishlist for WooCommerce plugin <= 5.0.8 - Broken Access Control vulnerability — WPC Smart Wishlist for WooCommerceCWE-862 4.3 Medium2026-03-13
CVE-2026-32406 WordPress WPC Product Bundles for WooCommerce plugin <= 8.4.5 - Broken Access Control vulnerability — WPC Product Bundles for WooCommerceCWE-862 4.3 Medium2026-03-13
CVE-2025-60248 WordPress WPC Product Options for WooCommerce plugin <= 3.1.3 - Local File Inclusion vulnerability — WPC Product Options for WooCommerceCWE-98 7.5 High2025-11-06
CVE-2025-12115 WPC Name Your Price for WooCommerce <= 2.1.9 - Unauthenticated Price Alteration — WPC Name Your Price for WooCommerceCWE-602 7.5 High2025-10-31
CVE-2025-62903 WordPress WPC Smart Messages for WooCommerce plugin <= 4.2.8 - Cross Site Scripting (XSS) vulnerability — WPC Smart Messages for WooCommerceCWE-79 6.5 Medium2025-10-27
CVE-2025-49908 WordPress WPC Countdown Timer for WooCommerce plugin <= 3.1.4 - Cross Site Scripting (XSS) vulnerability — WPC Countdown Timer for WooCommerceCWE-79 6.5 Medium2025-10-22
CVE-2025-11741 WPC Smart Quick View for WooCommerce <= 4.2.5 - Insecure Direct Object Reference to Unauthenticated Private Product Exposure — WPC Smart Quick View for WooCommerceCWE-639 5.3 Medium2025-10-18
CVE-2025-11742 WPC Smart Wishlist for WooCommerce <= 5.0.4 - Missing Authorization to Authenticated (Subscriber+) Information Exposure — WPC Smart Wishlist for WooCommerceCWE-862 4.3 Medium2025-10-18
CVE-2025-11518 WPC Smart Wishlist for WooCommerce <= 5.0.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation — WPC Smart Wishlist for WooCommerceCWE-639 5.3 Medium2025-10-11
CVE-2025-8618 WPC Smart Quick View for WooCommerce <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via woosq_btn Shortcode — WPC Smart Quick View for WooCommerceCWE-79 6.4 Medium2025-08-20
CVE-2025-7496 WPC Smart Compare for WooCommerce <= 6.4.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — WPC Smart Compare for WooCommerceCWE-79 6.4 Medium2025-08-19
CVE-2025-5530 WPC Smart Compare for WooCommerce <= 6.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — WPC Smart Compare for WooCommerceCWE-79 6.4 Medium2025-07-11
CVE-2025-3418 WPC Admin Columns 2.0.6 - 2.1.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update — WPC Admin ColumnsCWE-269 8.8 High2025-04-12
CVE-2025-30825 WordPress WPC Smart Linked Products plugin <= 1.3.5 - Privilege Escalation vulnerability — WPC Smart Linked Products - Upsells & Cross-sells for WooCommerceCWE-862 8.8 High2025-04-01
CVE-2025-30772 WordPress WPC Smart Upsell Funnel for WooCommerce plugin <= 3.0.4 - Arbitrary Option Update to Privilege Escalation vulnerability — WPC Smart Upsell Funnel for WooCommerceCWE-862 8.8 High2025-03-27
CVE-2024-12432 WPC Shop as a Customer for WooCommerce <= 1.2.8 - Authentication Bypass Due to Insufficiently Unique Key — WPC Shop as a Customer for WooCommerceCWE-330 8.1 High2024-12-18
CVE-2024-12004 WPC Order Notes for WooCommerce <= 1.5.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting — WPC Order Notes for WooCommerceCWE-352 6.1 Medium2024-12-11
CVE-2024-43312 WordPress WPC Frequently Bought Together for WooCommerce plugin <= 7.1.9 - Broken Access Control vulnerability — WPC Frequently Bought Together for WooCommerceCWE-862 5.4 Medium2024-11-01
CVE-2024-10437 WPC Smart Messages for WooCommerce <= 4.2.1 - Missing Authorization to Authenticated (Subscriber+) Message Activation/Deactivation — WPC Smart Messages for WooCommerceCWE-862 4.3 Medium2024-10-29
CVE-2024-10436 WPC Smart Messages for WooCommerce <= 4.2.1 - Authenticated (Subscriber+) Local File Inclusion — WPC Smart Messages for WooCommerceCWE-98 8.8 High2024-10-29
CVE-2024-50416 WordPress WPC Shop as a Customer for WooCommerce plugin <= 1.2.6 - PHP Object Injection vulnerability — WPC Shop as a Customer for WooCommerceCWE-502 8.8 High2024-10-28
CVE-2024-30537 WordPress WPC Badge Management for WooCommerce plugin <= 2.4.0 - Broken Access Control vulnerability — WPC Badge Management for WooCommerceCWE-862 4.3 Medium2024-06-09
CVE-2024-2838 WPC Composite Products for WooCommerce <= 7.2.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting — WPC Composite Products for WooCommerceCWE-79 6.4 Medium2024-04-27
CVE-2024-32687 WordPress WPC Frequently Bought Together for WooCommerce plugin <= 7.0.3 - Broken Access Control vulnerability — WPC Frequently Bought Together for WooCommerceCWE-862 4.3 Medium2024-04-22
CVE-2024-32520 WordPress WPC Grouped Product for WooCommerce plugin <= 4.4.2 - Broken Access Control vulnerability — WPC Grouped Product for WooCommerceCWE-862 4.3 Medium2024-04-17
CVE-2023-6494 WPC Smart Quick View for WooCommerce <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting — WPC Smart Quick View for WooCommerceCWE-79 4.4 Medium2024-04-13
CVE-2023-52127 WordPress WPC Product Bundles for WooCommerce Plugin <= 7.3.1 is vulnerable to Cross Site Request Forgery (CSRF) — WPC Product Bundles for WooCommerceCWE-352 4.3 Medium2024-01-05
CVE-2023-34386 WordPress WPC Smart Wishlist for WooCommerce Plugin <= 4.7.1 is vulnerable to Cross Site Request Forgery (CSRF) — WPC Smart Wishlist for WooCommerceCWE-352 4.3 Medium2023-11-09

This page lists every published CVE security advisory associated with wpclever. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.