wpcodefactory — Vulnerabilities & Security Advisories (21)

Browse all 21 CVE security advisories affecting wpcodefactory. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPCodeFactory operates primarily as a developer tool provider, offering plugins that enable WordPress administrators to insert custom code snippets, manage headers, and handle conditional logic without directly editing theme files. This functionality, while convenient, introduces significant security risks when poorly implemented. Historically, the company’s software has been associated with twenty-one recorded Common Vulnerabilities and Exposures (CVEs), predominantly involving unauthenticated remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from insufficient input validation and inadequate nonce verification in API endpoints, allowing attackers to execute arbitrary PHP code or manipulate administrative functions. Notable incidents highlight the critical nature of these defects, as they frequently grant full server control to malicious actors. The recurring pattern of severe bugs underscores the necessity for rigorous security auditing in code management plugins, as even minor oversights can lead to complete site compromise and data exfiltration.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-4479 | WholeSale Products Dynamic Pricing Management WooCommerce <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings | WholeSale Products Dynamic Pricing Management WooCommerce | CWE-79 | 4.4 | Medium | 2026-04-14 |
| CVE-2026-1381 | Order Minimum/Maximum Amount Limits for WooCommerce <= 4.6.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Hide Add to Cart Content Fields | Order Minimum/Maximum Amount Limits for WooCommerce | CWE-79 | 4.4 | Medium | 2026-01-28 |
| CVE-2025-14399 | Download Plugins and Themes from Dashboard <= 1.9.6 - Cross-Site Request Forgery to Bulk Plugin/Theme Archival | Download Plugins and Themes in ZIP from Dashboard | CWE-352 | 4.3 | Medium | 2025-12-17 |
| CVE-2025-10167 | Stock History & Reports Manager for WooCommerce <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | Stock History & Reports Manager for WooCommerce | CWE-79 | 6.4 | Medium | 2025-10-11 |
| CVE-2024-13774 | Wishlist for WooCommerce: Multi Wishlists Per Customer <= 3.1.7 - Cross-Site Request Forgery to Cross-Site Scripting via Wishlist Name | Wishlist for WooCommerce: Multi Wishlists Per Customer | CWE-352 | 6.1 | Medium | 2025-03-08 |
| CVE-2024-13525 | Customer Email Verification for WooCommerce <= 2.9.4 - Authenticated (Contributor+) Sensitive Information Exposure | Customer Email Verification for WooCommerce | CWE-200 | 6.5 | Medium | 2025-02-15 |
| CVE-2024-13528 | Customer Email Verification for WooCommerce <= 2.9.5 - Authentication Bypass via Shortcode | Customer Email Verification for WooCommerce | CWE-287 | 7.5 | High | 2025-02-12 |
| CVE-2024-11814 | Additional Custom Order Status for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting | Additional Custom Order Status for WooCommerce | CWE-79 | 6.1 | Medium | 2024-12-04 |
| CVE-2024-11330 | Custom CSS, JS & PHP <= 2.3.0 - Reflected Cross-Site Scripting | Custom CSS, JS & PHP | CWE-79 | 6.1 | Medium | 2024-11-23 |
| CVE-2024-11361 | PDF Invoices & Packing Slips Generator for WooCommerce <= 2.2.1 - Reflected Cross-Site Scripting | PDF Invoices & Packing Slips Generator for WooCommerce | CWE-79 | 6.1 | Medium | 2024-11-23 |
| CVE-2024-9232 | Download Plugins and Themes in ZIP from Dashboard <= 1.9.1 - Reflected Cross-Site Scripting | Download Plugins and Themes in ZIP from Dashboard | CWE-79 | 6.1 | Medium | 2024-10-11 |
| CVE-2024-9377 | Products, Order & Customers Export for WooCommerce <= 2.0.15 - Reflected Cross-Site Scripting | Export Products, Orders & Customers for WooCommerce | CWE-79 | 6.1 | Medium | 2024-10-10 |
| CVE-2024-9205 | Maximum Products per User for WooCommerce <= 4.2.8 - Reflected Cross-Site Scripting | Maximum Products per User for WooCommerce | CWE-79 | 6.1 | Medium | 2024-10-10 |
| CVE-2024-9384 | Quantity Dynamic Pricing & Bulk Discounts for WooCommerce <= 3.8.0 - Reflected Cross-Site Scripting | Price by Quantity & Bulk Quantity Discounts for WooCommerce | CWE-79 | 6.1 | Medium | 2024-10-04 |
| CVE-2024-9189 | EU/UK VAT Manager for WooCommerce <= 2.12.12 - Missing Authorization | EU/UK VAT Validation Manager for WooCommerce | CWE-862 | 5.3 | Medium | 2024-09-28 |
| CVE-2024-8788 | EU/UK VAT Manager for WooCommerce <= 2.12.12 - Reflected Cross-Site Scripting | EU/UK VAT Validation Manager for WooCommerce | CWE-79 | 6.1 | Medium | 2024-09-28 |
| CVE-2024-7501 | Download Plugins and Themes from Dashboard <= 1.8.7 - Cross-Site Request Forgery | Download Plugins and Themes in ZIP from Dashboard | CWE-352 | 4.2 | Medium | 2024-08-16 |
| CVE-2024-4185 | Customer Email Verification for WooCommerce <= 2.7.4 - Email Verification and Authentication Bypass due to Insufficient Randomness | Customer Email Verification for WooCommerce | CWE-330 | 8.1 | High | 2024-04-30 |
| CVE-2023-6897 | EAN for WooCommerce <= 4.9.2 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode | EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory | CWE-639 | 4.3 | Medium | 2024-04-18 |
| CVE-2023-6892 | EAN for WooCommerce <= 4.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via alg_wc_ean_product_meta Shortcode | EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory | CWE-79 | 6.4 | Medium | 2024-04-18 |
| CVE-2024-0821 | Cost of Goods Sold (COGS): Cost & Profit Calculator for WooCommerce <= 3.2.8 - Reflected Cross-Site Scripting | Cost of Goods: Product Cost & Profit Calculator for WooCommerce | CWE-79 | 6.1 | Medium | 2024-02-20 |

This page lists every published CVE security advisory associated with wpcodefactory. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.