Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wpengine — Vulnerabilities & Security Advisories 4

Browse all 4 CVE security advisories affecting wpengine. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPengine provides managed WordPress hosting services, enabling businesses to deploy and scale websites on its platform. Historically, the service has been associated with vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from misconfigurations or third-party integrations. While WPengine maintains robust security measures, its 4 recorded CVEs highlight potential risks in complex hosting environments. The platform offers features like automatic updates and malware scanning, but its multi-tenant architecture requires careful isolation between customer instances. No major public security incidents have been widely reported, though the concentration of WordPress sites makes it a persistent target for attackers seeking to exploit vulnerabilities in either the core platform or customer implementations.

Top products by wpengine: Advanced Custom Fields (ACF®) Better Search Replace WP Migrate Lite – Migration Made Easy
CVE IDTitleCVSSSeverityPublished
CVE-2026-4812 Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters — Advanced Custom Fields (ACF®)CWE-862 5.3 Medium2026-04-15
CVE-2025-11427 WP Migrate Lite <= 2.7.6 - Unauthenticated Blind Server-Side Request Forgery — WP Migrate Lite – Migration Made EasyCWE-918 5.8 Medium2025-11-18
CVE-2023-6701 Advanced Custom Fields <= 6.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field — Advanced Custom Fields (ACF®)CWE-79 6.4 Medium2024-02-05
CVE-2023-6933 Better Search Replace <= 1.4.4 - Unauthenticated PHP Object Injection — Better Search ReplaceCWE-502 8.8 High2024-02-05

This page lists every published CVE security advisory associated with wpengine. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.