Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wpdevteam — Vulnerabilities & Security Advisories 91

Browse all 91 CVE security advisories affecting wpdevteam. AI-powered Chinese analysis, POCs, and references for each vulnerability.

wpdevteam operates as a software development entity primarily focused on creating plugins and themes for the WordPress ecosystem. Their portfolio includes various tools designed to extend website functionality, making them a frequent target for automated vulnerability scanners. Historically, their codebase has exhibited a high frequency of critical security flaws, with 91 CVEs currently on record. These vulnerabilities predominantly involve remote code execution, cross-site scripting, and privilege escalation issues, often stemming from insufficient input validation and improper access controls. The sheer volume of disclosed defects suggests systemic weaknesses in their development and testing processes rather than isolated incidents. While no single catastrophic breach has been publicly detailed as a direct result of these specific CVEs, the persistent nature of these flaws indicates a significant risk to users relying on their software. This pattern highlights the broader challenges associated with maintaining security in widely deployed open-source components.

Top products by wpdevteam: Essential Addons for Elementor – Popular Elementor Templates & Widgets Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor Essential Blocks Pro SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud!
CVE IDTitleCVSSSeverityPublished
CVE-2026-4658 Gutenberg Essential Blocks <= 6.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 6.4 Medium2026-05-02
CVE-2026-6393 BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage — BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block EditorCWE-862 4.3 Medium2026-04-24
CVE-2026-3875 BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block EditorCWE-79 6.4 Medium2026-04-16
CVE-2026-1512 Essential Addons for Elementor <= 6.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 6.4 Medium2026-02-14
CVE-2025-15380 NotificationX <= 3.2.0 - Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview' — NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification BarCWE-79 7.2 High2026-01-20
CVE-2026-0554 NotificationX <= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset — NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification BarCWE-862 4.3 Medium2026-01-20
CVE-2026-1004 Essential Addons for Elementor <= 6.5.5 - Missing Authorization to Unauthenticated Sensitive Information Exposure — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-862 5.3 Medium2026-01-16
CVE-2026-0831 Templately <= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write — Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud!CWE-863 5.3 Medium2026-01-10
CVE-2025-14980 BetterDocs <= 4.3.3 - Authenticated (Contributor+) Sensitive Information Exposure — BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block EditorCWE-200 6.5 Medium2026-01-09
CVE-2025-13977 Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 6.4 Medium2025-12-17
CVE-2025-11369 Essential Blocks <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information Disclosure — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-862 4.3 Medium2025-12-17
CVE-2025-11270 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 6.4 Medium2025-10-18
CVE-2025-11361 Essential Blocks <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-918 6.4 Medium2025-10-18
CVE-2025-7499 BetterDocs <= 4.1.1 - Missing Authorization to Private And Password-Protected Posts Information Disclosure — BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block EditorCWE-862 5.3 Medium2025-08-16
CVE-2025-8451 Essential Addons for Elementor – Popular Elementor Templates and Widgets <= 6.2.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'data-gallery-items' — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 6.4 Medium2025-08-15
CVE-2025-6244 Essential Addons for Elementor – Popular Elementor Templates and Widgets <= 6.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Calendar` And `Business Reviews` Widgets — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 6.4 Medium2025-07-08
CVE-2024-9993 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Event Calendar Widget — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 6.4 Medium2025-06-07
CVE-2024-9994 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Pricing Table Widget — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 6.4 Medium2025-06-07
CVE-2025-4682 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Slider and Post Carousel Widgets — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 6.4 Medium2025-05-27
CVE-2025-1664 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 6.4 Medium2025-03-08
CVE-2024-13803 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 6.4 Medium2025-02-26
CVE-2024-12045 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 4.4 Medium2025-01-08
CVE-2024-11727 NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar <= 2.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting — NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification BarCWE-79 4.4 Medium2024-12-12
CVE-2024-11203 EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name' — EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & moreCWE-79 6.4 Medium2024-11-28
CVE-2024-8978 Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.9 - Authenticated (Contributor+) Sensitive Information Exposure — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-200 5.7 Medium2024-11-15
CVE-2024-8979 Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.9 - Authenticated (Author+) Sensitive Information Exposure to Privilege Escalation — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-200 8.0 High2024-11-15
CVE-2024-8961 Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 6.4 Medium2024-11-15
CVE-2021-4447 Essential Addons for Elementor <= 4.6.4 - Authenticated (Contributor+) Privilege Escalation — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-862 8.8 High2024-10-16
CVE-2021-4446 Essential Addons for Elementor <= 4.6.4 - Missing Authorization — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-862 6.3 Medium2024-10-16
CVE-2024-8742 Essential Addons for Elementor <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery Widget — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 6.4 Medium2024-09-13

This page lists every published CVE security advisory associated with wpdevteam. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.