Browse all 43 CVE security advisories affecting wpmudev. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WPMU DEV operates as a provider of WordPress plugins, themes, and hosting services, primarily targeting website administrators and developers seeking integrated digital asset management solutions. Security audits have identified forty-one Common Vulnerabilities and Exposures (CVEs) associated with its ecosystem, reflecting a pattern of recurring issues within its software portfolio. Historically, these vulnerabilities predominantly manifest as remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and inadequate access controls in plugin code. While no single catastrophic data breach has been publicly documented as a direct result of these specific CVEs, the high volume of disclosed issues indicates systemic weaknesses in the development lifecycle. The company has responded to these findings through regular patch releases, yet the persistent nature of these defects suggests ongoing challenges in maintaining rigorous security standards across its diverse range of WordPress extensions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2017-20206 | Appointments <= 2.2.1 - Unauthenticated PHP Object Injection — AppointmentsCWE-502 | 9.8 | Critical | 2025-10-18 |
This page lists every published CVE security advisory associated with wpmudev. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.