wpopal — Vulnerabilities & Security Advisories (15)

Browse all 15 CVE security advisories affecting wpopal. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Wpopal is a WordPress theme provider focusing on multipurpose website templates for businesses and online stores. Historically, the themes have been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities, with 15 CVEs recorded. Common weaknesses include insufficient input validation and improper access controls in theme options and page builder components. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests potential risks for unpatched installations, particularly in environments with outdated theme versions or default configurations.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-62913 | WordPress Opal Service plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability | Opal Service | CWE-79 | 6.5 | Medium | 2025-10-27 |
| CVE-2025-6934 | Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user' | Opal Estate Pro – Property Management and Submission | CWE-269 | 9.8 | Critical | 2025-07-01 |
| CVE-2025-23967 | WordPress GG Bought Together for WooCommerce plugin <= 1.0.2 - SQL Injection Vulnerability | GG Bought Together for WooCommerce | CWE-89 | 9.3 | Critical | 2025-06-27 |
| CVE-2025-47535 | WordPress Opal Woo Custom Product Variation plugin <= 1.2.0 - Arbitrary File Deletion Vulnerability | Opal Woo Custom Product Variation | CWE-22 | 8.6 | High | 2025-05-23 |
| CVE-2025-31748 | WordPress Opal Portfolio Plugin <= 1.0.4 - Stored Cross Site Scripting (XSS) vulnerability | Opal Portfolio | CWE-79 | 6.5 | Medium | 2025-04-01 |
| CVE-2024-52444 | WordPress Opal Woo Custom Product Variation plugin <= 1.1.3 - Arbitrary File Deletion vulnerability | Opal Woo Custom Product Variation | CWE-22 | 7.5 | High | 2024-11-20 |
| CVE-2024-9073 | GutenGeek Free Gutenberg Blocks for WordPress <= 1.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | GutenGeek Free Gutenberg Blocks for WordPress | CWE-79 | 6.4 | Medium | 2024-09-25 |
| CVE-2024-7649 | Opal Membership <= 1.2.4 - Unauthenticated Stored Cross-Site Scripting | Opal Membership | CWE-79 | 6.1 | Medium | 2024-08-10 |
| CVE-2024-7648 | Opal Membership <= 1.2.4 - Authenticated (Subscriber+) Information Disclosure | Opal Membership | CWE-862 | 4.3 | Medium | 2024-08-10 |
| CVE-2024-3666 | Opal Estate Pro – Property Management and Submission <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | Opal Estate Pro – Property Management and Submission | CWE-87 | 6.4 | Medium | 2024-05-22 |
| CVE-2024-33649 | WordPress Opal Widgets For Elementor plugin <= 1.6.9 - Cross Site Scripting (XSS) vulnerability | Opal Widgets For Elementor | CWE-79 | 6.5 | Medium | 2024-04-29 |
| CVE-2023-6638 | GTG Product Feed for Shopping <= 1.2.4 - Missing Authorization to Unauthenticated Plugin Settings Update | GG Woo Feed for WooCommerce Shopping Feed on Google and Other Channels | CWE-862 | 6.5 | Medium | 2024-01-11 |
| CVE-2021-4388 | Opal Estate <= 1.6.11 - Missing Authorization | Opal Estate | CWE-862 | 4.3 | Medium | 2023-07-01 |
| CVE-2021-4387 | Opal Estate <= 1.6.11 - Cross-Site Request Forgery Bypass | Opal Estate | CWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2022-29449 | WordPress Opal Hotel Room Booking plugin <= 1.2.7 - Stored Cross-Site Scripting (XSS) vulnerability | Opal Hotel Room Booking (WordPress plugin) | CWE-79 | 4.1 | Medium | 2022-05-19 |

This page lists every published CVE security advisory associated with wpopal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.