wpmudev — Vulnerabilities & Security Advisories (43)

Browse all 43 CVE security advisories affecting wpmudev. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPMU DEV operates as a provider of WordPress plugins, themes, and hosting services, primarily targeting website administrators and developers seeking integrated digital asset management solutions. Security audits have identified forty-one Common Vulnerabilities and Exposures (CVEs) associated with its ecosystem, reflecting a pattern of recurring issues within its software portfolio. Historically, these vulnerabilities predominantly manifest as remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and inadequate access controls in plugin code. While no single catastrophic data breach has been publicly documented as a direct result of these specific CVEs, the high volume of disclosed issues indicates systemic weaknesses in the development lifecycle. The company has responded to these findings through regular patch releases, yet the persistent nature of these defects suggests ongoing challenges in maintaining rigorous security standards across its diverse range of WordPress extensions.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-6554 | Branda – White Label WordPress, Custom Login Page Customizer <= 3.4.18 - Unauthenticated Full Path Disclosure | Branda – White Label & Branding, Free Login Page Customizer | CWE-200 | 5.3 | Medium | 2024-07-11 |
| CVE-2024-6556 | SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.8 - Unauthenticated Full Path Disclosure | SmartCrawl SEO checker, analyzer & optimizer | CWE-200 | 5.3 | Medium | 2024-07-10 |
| CVE-2024-5191 | Branda – White Label WordPress, Custom Login Page Customizer <= 3.4.17 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload | Branda – White Label & Branding, Free Login Page Customizer | CWE-79 | 6.4 | Medium | 2024-06-21 |
| CVE-2023-3352 | Smush – Lazy Load Images, Optimize & Compress Images <= 3.16.4 - Missing Authorization to Resmush List Deletion | Smush – Image Optimization, Compression, Lazy Load, WebP & CDN | CWE-862 | 4.3 | Medium | 2024-06-21 |
| CVE-2024-3287 | SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.2 - Missing Authorization | SmartCrawl SEO checker, analyzer & optimizer | CWE-862 | 5.3 | Medium | 2024-05-02 |
| CVE-2024-1794 | Forminator <= 1.29.0 - Unauthenticated Stored Cross-Site Scripting via File Upload | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-79 | 7.2 | High | 2024-04-09 |
| CVE-2024-3053 | Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.29.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-79 | 6.4 | Medium | 2024-04-09 |
| CVE-2024-0368 | Hustle <= 7.8.3 - Sensitive Information Exposure via Exposed Hubspot API Keys | Hustle – Email Marketing, Lead Generation, Optins, Popups | CWE-522 | 8.6 | High | 2024-03-13 |
| CVE-2023-6133 | Forminator <= 1.27.0 - Authenticated (Administrator+) Arbitrary File Upload | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-434 | 6.6 | Medium | 2023-11-15 |
| CVE-2023-4596 | Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-434 | 9.8 | Critical | 2023-08-30 |
| CVE-2021-4425 | Defender Security <= 2.4.6 - Cross-Site Request Forgery Bypass | Defender Security – Malware Scanner, Login Security & Firewall | CWE-352 | 4.3 | Medium | 2023-07-12 |
| CVE-2021-4417 | Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.13.4 - Cross-Site Request Forgery Bypass | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-352 | 5.4 | Medium | 2023-07-12 |
| CVE-2022-2438 | Broken Link Checker <= 1.11.16 - Authenticated (Admin+) PHAR Deserialization | Broken Link Checker | CWE-502 | 7.2 | High | 2022-09-06 |

This page lists every published CVE security advisory associated with wpmudev. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.