wpdevelop — Vulnerabilities & Security Advisories (22)

Browse all 22 CVE security advisories affecting wpdevelop. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Wpdevelop is a commercial web development platform designed to facilitate the creation and management of WordPress-based websites, primarily targeting developers and agencies seeking streamlined deployment workflows. Security audits have identified twenty-two distinct Common Vulnerabilities and Exposures (CVEs) associated with the software, highlighting significant risks in its architecture. Historically, these vulnerabilities predominantly manifest as Remote Code Execution (RCE) and Cross-Site Scripting (XSS) flaws, often stemming from insufficient input validation and improper handling of user-supplied data. Additionally, several instances of privilege escalation have been documented, allowing unauthorized users to gain administrative access. While specific major public incidents remain limited in widespread media coverage, the high volume of disclosed CVEs indicates persistent security gaps in authentication mechanisms and file inclusion processes. Organizations utilizing Wpdevelop must prioritize rigorous patch management and continuous monitoring to mitigate these known attack vectors effectively.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-32358 | WordPress Booking Calendar plugin <= 10.14.15 - SQL Injection vulnerability | Booking Calendar | CWE-89 | 7.6 | High | 2026-03-13 |
| CVE-2026-2230 | Booking Calendar <= 10.14.14 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Settings Modification | Booking Calendar | CWE-639 | 4.3 | Medium | 2026-02-18 |
| CVE-2026-1431 | Booking Calendar <= 10.14.13 - Missing Authorization to Unauthenticated Booking Details Exposure | Booking Calendar | CWE-862 | 5.3 | Medium | 2026-01-31 |
| CVE-2025-14982 | Booking Calendar <= 10.14.11 - Missing Authorization to Sensitive Information Exposure | Booking Calendar | CWE-862 | 4.3 | Medium | 2026-01-16 |
| CVE-2025-14146 | Booking Calendar <= 10.14.10 - Unauthenticated Sensitive Information Exposure | Booking Calendar | CWE-862 | 5.3 | Medium | 2026-01-09 |
| CVE-2025-14383 | Booking Calendar <= 10.14.8 - Unauthenticated SQL Injection via dates_to_check | Booking Calendar | CWE-89 | 7.5 | High | 2025-12-15 |
| CVE-2025-12804 | Booking Calendar <= 10.14.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingcalendar Shortcode | Booking Calendar | CWE-79 | 6.4 | Medium | 2025-12-05 |
| CVE-2025-64381 | WordPress Booking Calendar plugin <= 10.14.7 - Cross Site Scripting (XSS) vulnerability | Booking Calendar | CWE-79 | 6.5 | Medium | 2025-11-13 |
| CVE-2025-64275 | WordPress Booking Manager plugin <= 2.1.17 - Cross Site Scripting (XSS) vulnerability | Booking Manager | CWE-79 | 6.5 | Medium | 2025-11-13 |
| CVE-2025-9346 | Booking Calendar <= 10.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | Booking Calendar | CWE-79 | 6.4 | Medium | 2025-08-28 |
| CVE-2025-4669 | Booking Calendar <= 10.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpbc Shortcode | Booking Calendar | CWE-79 | 6.4 | Medium | 2025-05-17 |
| CVE-2024-13821 | WP Booking Calendar <= 10.10 - Unauthenticated Post-Confirmation Booking Manipulation | Booking Calendar | CWE-285 | 5.3 | Medium | 2025-02-12 |
| CVE-2024-13323 | Booking Calendar <= 10.9.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'booking' Shortcode | Booking Calendar | CWE-79 | 6.4 | Medium | 2025-01-14 |
| CVE-2024-56292 | WordPress Email Reminders Plugin <= 2.0.5 - Cross Site Scripting (XSS) vulnerability | Email Reminders | CWE-79 | 5.9 | Medium | 2025-01-07 |
| CVE-2024-11945 | Email Reminders <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | Email Reminders | CWE-79 | 6.4 | Medium | 2024-12-10 |
| CVE-2024-9306 | WP Booking Calendar <= 10.6 - Authenticated (Admin+) Stored Cross-Site Scripting | Booking Calendar | CWE-79 | 4.4 | Medium | 2024-10-04 |
| CVE-2024-8274 | WP Booking Calendar <= 10.5 - Reflected Cross-Site Scripting | Booking Calendar | CWE-79 | 6.1 | Medium | 2024-08-30 |
| CVE-2024-6930 | WP Booking Calendar <= 10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingform Shortcode | Booking Calendar | CWE-79 | 6.4 | Medium | 2024-07-24 |
| CVE-2024-1207 | Booking Calendar <= 9.9 - Unauthenticated SQL Injection | Booking Calendar | CWE-89 | 9.8 | Critical | 2024-02-08 |
| CVE-2022-1463 | Booking Calendar <= 9.1 - PHP Object Injection via Shortcode | Booking Calendar | CWE-502 | 8.8 | High | 2022-05-10 |
| CVE-2017-2150 | WordPress Booking Calendar path traversal vulnerability | Booking Calendar | - | 6.5 | - | 2017-04-28 |
| CVE-2017-2151 | WordPress Booking Calendar cross-site scripting vulnerability | Booking Calendar | - | 6.1 | - | 2017-04-28 |

This page lists every published CVE security advisory associated with wpdevelop. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.