Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wpinsider-1 — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting wpinsider-1. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Wpinsider-1 is a WordPress security research tool focused on identifying vulnerabilities in plugins and themes. Historically, it has primarily exposed cross-site scripting (XSS) and remote code execution (RCE) flaws, with several privilege escalation vulnerabilities also documented in its CVE record. The tool has been instrumental in uncovering critical security issues, including a 2022 incident where it revealed multiple RCE vulnerabilities in popular commercial plugins affecting over 100,000 sites. Wpinsider-1 maintains a reputation for thorough vulnerability analysis, often identifying issues before public disclosure, and has contributed significantly to improving WordPress ecosystem security through its research and coordinated vulnerability disclosure practices.

Top products by wpinsider-1: Simple Membership Simple Membership WP user Import Affiliates Manager
CVE IDTitleCVSSSeverityPublished
CVE-2026-1461 Simple Membership <= 4.7.0 - Unauthenticated Improper Handling of Missing Values — Simple MembershipCWE-230 6.5 Medium2026-02-19
CVE-2024-11088 Simple Membership <= 4.5.5 - Exposure of Private Personal Information to an Unauthorized Actor — Simple MembershipCWE-200 5.3 Medium2024-11-21
CVE-2024-4383 Simple Membership <= 4.4.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode — Simple MembershipCWE-79 6.4 Medium2024-05-09
CVE-2024-3730 Simple Membership <= 4.4.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode — Simple MembershipCWE-79 5.4 Medium2024-04-25
CVE-2024-1985 Simple Membership <= 4.4.2 - Unauthenticated Stored Self-Based Cross-Site Scripting — Simple MembershipCWE-79 4.7 Medium2024-03-13
CVE-2024-0859 Affiliates Manager <= 2.9.34 - Cross-Site Request Forgery — Affiliates ManagerCWE-352 4.3 Medium2024-02-05
CVE-2023-6882 Simple Membership <= 4.3.8 - Reflected Cross-Site Scripting Vulnerability via environment_mode — Simple MembershipCWE-79 6.1 Medium2024-01-11
CVE-2023-4719 Simple Membership <= 4.3.5 - Reflected Cross-Site Scripting — Simple MembershipCWE-79 7.2 High2023-09-06
CVE-2023-0254 Simple Membership WP user Import <= 1.7 - Authenticated (Admin+) SQL Injection — Simple Membership WP user ImportCWE-89 7.2 High2023-01-12

This page lists every published CVE security advisory associated with wpinsider-1. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.