Browse all 4 CVE security advisories affecting wpdreams. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Wpdreams develops WordPress plugins and themes, primarily for website building and enhancement. Historically, their products have been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The company has accumulated four CVEs to date, with several instances allowing unauthorized access or data exposure. While no major public security incidents have been documented, the consistent pattern of vulnerabilities in their extensions suggests a need for improved security practices in development and testing. Their plugins' broad installation base increases potential impact when vulnerabilities are discovered.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-48086 | WordPress Ajax Search Lite plugin <= 4.13.3 - PHP Object Injection vulnerability — Ajax Search LiteCWE-502 | 5.5 | Medium | 2025-11-06 |
| CVE-2025-11926 | Related Posts Lite <= 1.12 - Authenticated (Admin+) Stored Cross-Site Scripting — Related Posts LiteCWE-79 | 4.4 | Medium | 2025-10-18 |
| CVE-2025-9618 | Related Posts Lite <= 1.12 - Cross-Site Request Forgery — Related Posts LiteCWE-352 | 4.3 | Medium | 2025-08-30 |
| CVE-2025-7956 | Ajax Search Lite <= 4.13.1 - Missing Authorization to Unauthenticated Basic Information Exposure via ASL_Query in AJAX Search Handler — Ajax Search Lite – Live Search & FilterCWE-862 | 5.3 | Medium | 2025-08-28 |
This page lists every published CVE security advisory associated with wpdreams. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.