Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wpmet — Vulnerabilities & Security Advisories 21

Browse all 21 CVE security advisories affecting wpmet. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Wpmet operates as a developer of WordPress plugins and themes, primarily targeting the construction of real estate, classifieds, and directory websites. Its extensive product portfolio has resulted in twenty-one recorded Common Vulnerabilities and Exposures (CVEs), highlighting significant security gaps within its codebase. Historically, the most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and Privilege Escalation, often stemming from insufficient input validation and improper access controls in admin-facing endpoints. These flaws frequently allow unauthenticated attackers to execute arbitrary commands or manipulate user sessions. While no single catastrophic data breach has been publicly attributed solely to Wpmet infrastructure, the high volume of exploitable plugins suggests a systemic lack of rigorous security auditing. Users relying on these tools face elevated risks of site compromise, necessitating immediate updates and strict monitoring to mitigate the impact of known exploits.

Top products by wpmet: ElementsKit Pro Wp Ultimate Review MetForm Pro Elements Kit Lite ShopEngine Wp Social Login and Register Social Counter WP Fundraising Donation and Crowdfunding Platform Elements kit Elementor addons
CVE IDTitleCVSSSeverityPublished
CVE-2026-1782 MetForm Pro <= 3.9.7 - Unauthenticated Payment Amount Manipulation via 'mf-calculation' — MetForm ProCWE-20 5.3 Medium2026-04-15
CVE-2026-1261 MetForm Pro <= 3.9.6 - Unauthenticated Stored Cross-Site Scripting — MetForm ProCWE-79 7.2 High2026-03-10
CVE-2025-0321 ElementsKit Pro <= 3.7.8 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via url Parameter — ElementsKit ProCWE-79 6.4 Medium2025-01-28
CVE-2024-7063 ElementsKit Pro <= 3.6.6 - Authenticated (Contributor+) Sensitive Information Exposure — ElementsKit ProCWE-200 4.3 Medium2024-08-15
CVE-2024-7064 ElementsKit Pro <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — ElementsKit ProCWE-79 6.4 Medium2024-08-15
CVE-2023-39993 WordPress ElementsKit Lite plugin <= 2.9.0 - Broken Access Control vulnerability — Elements kit Elementor addonsCWE-862 4.3 Medium2024-06-19
CVE-2024-5263 ElementsKit Elementor addons and Templates Library <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Motion Text and Table Widgets — ElementsKit ProCWE-79 6.4 Medium2024-06-15
CVE-2024-4404 ElementsKit PRO <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery — ElementsKit ProCWE-918 8.5 High2024-06-14
CVE-2024-34758 WordPress FundEngine – Donation and Crowdfunding Platform plugin <= 1.6.4 - Broken Access Control vulnerability — WP Fundraising Donation and Crowdfunding PlatformCWE-862 5.3 Medium2024-06-11
CVE-2024-4452 ElementsKit Pro <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — ElementsKit ProCWE-79 6.4 Medium2024-05-21
CVE-2024-32685 WordPress WP Ultimate Review plugin <= 2.2.5 - Review Score Manipulation vulnerability — Wp Ultimate ReviewCWE-602 5.3 Medium2024-05-17
CVE-2024-3500 ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets — ElementsKit ProCWE-98 8.8 High2024-05-02
CVE-2024-32684 WordPress WP Ultimate Review plugin <= 2.2.5 - Broken Access Control on Review vulnerability — Wp Ultimate ReviewCWE-862 5.3 Medium2024-04-22
CVE-2024-32683 WordPress WP Ultimate Review plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerability — Wp Ultimate ReviewCWE-639 5.3 Medium2024-04-19
CVE-2024-3598 ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id' — ElementsKit ProCWE-79 6.4 Medium2024-04-19
CVE-2022-47160 WordPress Wp Social Plugin <= 1.9.0 is vulnerable to Sensitive Data Exposure — Wp Social Login and Register Social CounterCWE-200 6.5 Medium2024-01-19
CVE-2023-28987 WordPress Wp Ultimate Review Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) — Wp Ultimate ReviewCWE-352 4.3 Medium2023-11-12
CVE-2023-46085 WordPress Wp Ultimate Review Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF) — Wp Ultimate ReviewCWE-352 4.3 Medium2023-10-22
CVE-2023-28751 WordPress Wp Ultimate Review Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS) — Wp Ultimate ReviewCWE-79 5.9 Medium2023-06-23
CVE-2022-45371 WordPress ShopEngine Plugin <= 4.1.1 is vulnerable to Cross Site Request Forgery (CSRF) — ShopEngineCWE-352 5.4 Medium2023-05-25
CVE-2021-24258 ElementsKit and ElementsKit Pro < 2.2.0 - Contributor+ Stored XSS — Elements Kit LiteCWE-79 5.4 -2021-05-05

This page lists every published CVE security advisory associated with wpmet. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.