Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wpdevteam — Vulnerabilities & Security Advisories 91

Browse all 91 CVE security advisories affecting wpdevteam. AI-powered Chinese analysis, POCs, and references for each vulnerability.

wpdevteam operates as a software development entity primarily focused on creating plugins and themes for the WordPress ecosystem. Their portfolio includes various tools designed to extend website functionality, making them a frequent target for automated vulnerability scanners. Historically, their codebase has exhibited a high frequency of critical security flaws, with 91 CVEs currently on record. These vulnerabilities predominantly involve remote code execution, cross-site scripting, and privilege escalation issues, often stemming from insufficient input validation and improper access controls. The sheer volume of disclosed defects suggests systemic weaknesses in their development and testing processes rather than isolated incidents. While no single catastrophic breach has been publicly detailed as a direct result of these specific CVEs, the persistent nature of these flaws indicates a significant risk to users relying on their software. This pattern highlights the broader challenges associated with maintaining security in widely deployed open-source components.

Top products by wpdevteam: Essential Addons for Elementor – Popular Elementor Templates & Widgets Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor Essential Blocks Pro SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud!
CVE IDTitleCVSSSeverityPublished
CVE-2024-2255 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 6.4 Medium2024-03-20
CVE-2024-1854 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-20 6.4 Medium2024-03-13
CVE-2024-1537 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Data Table — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 6.4 Medium2024-03-13
CVE-2024-1536 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 7.4 High2024-03-13
CVE-2024-1802 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Wistia Block — EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & moreCWE-79 6.4 Medium2024-03-07
CVE-2024-2128 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget — EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & moreCWE-79 6.4 Medium2024-03-07
CVE-2024-1698 NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor <= 2.8.2 - Unauthenticated SQL Injection — NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification BarCWE-89 9.8 Critical2024-02-27
CVE-2024-1171 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 5.4 Medium2024-02-20
CVE-2024-1172 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 5.4 Medium2024-02-20
CVE-2024-1276 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 6.4 Medium2024-02-20
CVE-2024-1349 EmbedPress <= 3.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & moreCWE-79 6.4 Medium2024-02-20
CVE-2024-1425 EmbedPress <= 3.9.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via Google Calendar Widget Link — EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & moreCWE-79 6.4 Medium2024-02-20
CVE-2024-1236 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 6.4 Medium2024-02-20
CVE-2024-0586 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.4 - Authenticated (Contributor+) Stored Cross-Site Scritping — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 6.4 Medium2024-02-05
CVE-2024-0954 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 6.4 Medium2024-02-05
CVE-2024-0585 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image URl — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 5.4 Medium2024-02-05
CVE-2023-7071 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 6.4 Medium2024-01-11
CVE-2023-7044 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 6.4 Medium2024-01-04
CVE-2023-6986 EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & moreCWE-79 6.4 Medium2024-01-03
CVE-2023-4386 Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries — Essential Blocks ProCWE-502 8.1 High2023-10-20
CVE-2023-4402 Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products — Essential Blocks ProCWE-502 8.1 High2023-10-20
CVE-2023-4282 EmbedPress <= 3.8.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Delete via admin_post_remove and remove_private_data — EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & moreCWE-862 5.4 Medium2023-08-10
CVE-2023-4283 EmbedPress <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & moreCWE-79 6.4 Medium2023-08-10
CVE-2023-3779 Essential Addons For Elementor <=5.8.1 - Unauthenticated MailChimp API Key Disclosure — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-200 5.3 Medium2023-07-20
CVE-2020-36744 NotificationX <= 1.8.2 - Cross-Site Request Forgery Bypass — NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification BarCWE-352 4.3 Medium2023-07-01
CVE-2023-3371 EmbedPress <= 3.7.3 - Sensitive Information Exposure — EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & moreCWE-321 5.3 Medium2023-06-27
CVE-2023-2083 Essential Blocks <= 4.0.6 - Missing Authorization via save — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-862 4.3 Medium2023-06-09
CVE-2023-2087 Essential Blocks <= 4.0.6 - Cross-Site Request Forgery via save — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-352 4.3 Medium2023-06-09
CVE-2023-2085 Essential Blocks <= 4.0.6 - Missing Authorization via templates — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-862 4.3 Medium2023-06-09
CVE-2023-2086 Essential Blocks <= 4.0.6 - Missing Authorization via template_count — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-862 4.3 Medium2023-06-09

This page lists every published CVE security advisory associated with wpdevteam. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.