Browse all 4 CVE security advisories affecting wpdever. AI-powered Chinese analysis, POCs, and references for each vulnerability.
wpdever is a WordPress development tool focused on theme and plugin creation, with four CVEs recorded. Historically, vulnerabilities have included stored cross-site scripting (XSS) and remote code execution (RCE) due to insufficient input sanitization and improper file handling. Security assessments reveal inconsistent access controls and unsafe object deserialization practices. No major public incidents have been documented, though the presence of multiple CVEs indicates ongoing security challenges. The tool's core functionality requires elevated privileges, increasing potential impact if exploited. Regular updates address discovered flaws, but developers should implement additional input validation and output encoding to mitigate risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-58821 | WordPress WP Notification Bell plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability — WP Notification Bell (CWE-79) | 5.9 | Medium | 2025-09-05 |
| CVE-2025-47538 | WordPress Cart tracking for WooCommerce plugin <= 1.0.17 - SQL Injection Vulnerability — Cart tracking for WooCommerce (CWE-89) | 7.6 | High | 2025-05-07 |
| CVE-2025-30791 | WordPress Cart tracking for WooCommerce plugin <= 1.0.16 - SQL Injection Vulnerability — Cart tracking for WooCommerce (CWE-89) | 7.6 | High | 2025-03-27 |
| CVE-2025-22357 | WordPress Target Notifications plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability — Target Notifications (CWE-79) | 7.1 | High | 2025-01-07 |
This page lists every published CVE security advisory associated with wpdever. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.