wpdesk — Vulnerabilities & Security Advisories (10)

Browse all 10 CVE security advisories affecting wpdesk. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Wpdesk develops WordPress plugins primarily for e-commerce and form management solutions. Historically, their products have frequently contained vulnerabilities including remote code execution, cross-site scripting, and privilege escalation issues, often stemming from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, the 10 CVEs on record indicate consistent security challenges, particularly in user-facing components that handle untrusted input. Their plugins' integration with WordPress core and third-party services expands potential attack surfaces, requiring robust input sanitization and secure coding practices to mitigate risks.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-69093 | WordPress ShopMagic plugin <= 4.7.2 - Broken Access Control vulnerability — ShopMagic (CWE-862) | 5.3 | Medium | 2025-12-30 |
| CVE-2025-12621 | Flexible Refund and Return Order for WooCommerce <= 1.0.42 - Incorrect Authorization to Authenticated (Contributor+) Refund Status Update — Flexible Refund and Return Order for WooCommerce (CWE-863) | 5.3 | Medium | 2025-11-08 |
| CVE-2025-59578 | WordPress ShopMagic plugin <= 4.5.6 - Sensitive Data Exposure vulnerability — ShopMagic (CWE-201) | 5.8 | Medium | 2025-10-22 |
| CVE-2025-10570 | Flexible Refund and Return Order for WooCommerce <= 1.0.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Refund — Flexible Refund and Return Order for WooCommerce (CWE-639) | 4.3 | Medium | 2025-10-22 |
| CVE-2025-57977 | WordPress Flexible PDF Invoices for WooCommerce & WordPress Plugin <= 6.0.13 - Cross Site Request Forgery (CSRF) Vulnerability — Flexible PDF Invoices for WooCommerce & WordPress (CWE-352) | 7.1 | High | 2025-09-22 |
| CVE-2025-30805 | WordPress Flexible Cookies plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability — Flexible Cookies (CWE-352) | 4.3 | Medium | 2025-03-27 |
| CVE-2024-13718 | Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later <= 1.2.26 - Cross-Site Request Forgery to Wishlist Creation/Modification — Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later (CWE-352) | 4.3 | Medium | 2025-02-18 |
| CVE-2024-13696 | Flexible Wishlist for WooCommerce <= 1.2.25 - Unauthenticated Stored Cross-Site Scripting via wishlist_name Parameter — Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later (CWE-79) | 7.2 | High | 2025-01-29 |
| CVE-2025-22825 | WordPress Flexible PDF Coupons plugin < 1.10.3 - Stored Cross Site Scripting (XSS) vulnerability — Flexible PDF Coupons (CWE-79) | 6.5 | Medium | 2025-01-21 |
| CVE-2020-36731 | Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update — Flexible Checkout Fields for WooCommerce – WooCommerce Checkout Manager (CWE-79) | 7.2 | High | 2023-06-07 |

This page lists every published CVE security advisory associated with wpdesk. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.