Browse all 7 CVE security advisories affecting wpengine. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WPengine provides managed WordPress hosting services, enabling businesses to deploy and scale websites on its platform. Historically, the service has been associated with vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from misconfigurations or third-party integrations. While WPengine maintains robust security measures, its 4 recorded CVEs highlight potential risks in complex hosting environments. The platform offers features like automatic updates and malware scanning, but its multi-tenant architecture requires careful isolation between customer instances. No major public security incidents have been widely reported, though the concentration of WordPress sites makes it a persistent target for attackers seeking to exploit vulnerabilities in either the core platform or customer implementations.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4029 | Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Export — Database Backup for WordPressCWE-862 | 7.5 | High | 2026-05-14 |
| CVE-2026-4030 | Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Arbitrary File Read and Deletion — Database Backup for WordPressCWE-862 | 8.1 | High | 2026-05-14 |
| CVE-2026-4031 | Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Backup Interception — Database Backup for WordPressCWE-862 | 7.5 | High | 2026-05-14 |
This page lists every published CVE security advisory associated with wpengine. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.