Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wpmet — Vulnerabilities & Security Advisories 21

Browse all 21 CVE security advisories affecting wpmet. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Wpmet operates as a developer of WordPress plugins and themes, primarily targeting the construction of real estate, classifieds, and directory websites. Its extensive product portfolio has resulted in twenty-one recorded Common Vulnerabilities and Exposures (CVEs), highlighting significant security gaps within its codebase. Historically, the most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and Privilege Escalation, often stemming from insufficient input validation and improper access controls in admin-facing endpoints. These flaws frequently allow unauthenticated attackers to execute arbitrary commands or manipulate user sessions. While no single catastrophic data breach has been publicly attributed solely to Wpmet infrastructure, the high volume of exploitable plugins suggests a systemic lack of rigorous security auditing. Users relying on these tools face elevated risks of site compromise, necessitating immediate updates and strict monitoring to mitigate the impact of known exploits.

Found 8 results / 21Clear Filters
Top products by wpmet: ElementsKit Pro Wp Ultimate Review MetForm Pro Elements Kit Lite ShopEngine Wp Social Login and Register Social Counter WP Fundraising Donation and Crowdfunding Platform Elements kit Elementor addons
CVE IDTitleCVSSSeverityPublished
CVE-2025-0321 ElementsKit Pro <= 3.7.8 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via url Parameter — ElementsKit ProCWE-79 6.4 Medium2025-01-28
CVE-2024-7063 ElementsKit Pro <= 3.6.6 - Authenticated (Contributor+) Sensitive Information Exposure — ElementsKit ProCWE-200 4.3 Medium2024-08-15
CVE-2024-7064 ElementsKit Pro <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — ElementsKit ProCWE-79 6.4 Medium2024-08-15
CVE-2024-5263 ElementsKit Elementor addons and Templates Library <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Motion Text and Table Widgets — ElementsKit ProCWE-79 6.4 Medium2024-06-15
CVE-2024-4404 ElementsKit PRO <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery — ElementsKit ProCWE-918 8.5 High2024-06-14
CVE-2024-4452 ElementsKit Pro <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — ElementsKit ProCWE-79 6.4 Medium2024-05-21
CVE-2024-3500 ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets — ElementsKit ProCWE-98 8.8 High2024-05-02
CVE-2024-3598 ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id' — ElementsKit ProCWE-79 6.4 Medium2024-04-19

This page lists every published CVE security advisory associated with wpmet. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.