Browse all 3 CVE security advisories affecting wpcoachify. AI-powered Chinese analysis, POCs, and references for each vulnerability.
wpcoachify is a WordPress coaching and development platform that helps users optimize their WordPress sites. Historically, it has been associated with multiple critical vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These vulnerabilities often stem from insufficient input validation and improper access controls. The platform currently has three CVEs on record, highlighting ongoing security concerns. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities suggests potential risks for users who fail to maintain timely updates and implement proper hardening measures.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25336 | WordPress Coachify theme <= 1.1.5 - Broken Access Control vulnerability — CoachifyCWE-862 | 5.3 | Medium | 2026-02-19 |
| CVE-2026-25337 | WordPress Coachify theme <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability — CoachifyCWE-352 | 5.4 | Medium | 2026-02-19 |
| CVE-2024-37417 | WordPress Coachify theme <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability — CoachifyCWE-352 | 4.3 | Medium | 2025-01-02 |
This page lists every published CVE security advisory associated with wpcoachify. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.