Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wppost — Vulnerabilities & Security Advisories 6

Browse all 6 CVE security advisories affecting wppost. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Wppost is a WordPress plugin designed to streamline post publishing and management workflows. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues, often stemming from insufficient input validation and improper access controls. The plugin's six recorded CVEs highlight recurring security weaknesses in its handling of user data and permissions. While no major public incidents have been widely documented, its vulnerability history suggests potential risks for sites requiring elevated privileges or handling user-generated content. Administrators should ensure the plugin is updated to mitigate these known security concerns.

Top products by wppost: WP-Recall – Registration, Profile, Commerce & More
CVE IDTitleCVSSSeverityPublished
CVE-2025-1323 WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Unauthenticated SQL Injection — WP-Recall – Registration, Profile, Commerce & MoreCWE-89 7.5 High2025-03-08
CVE-2025-1322 WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Authenticated (Contributor+) Protected Post Disclosure — WP-Recall – Registration, Profile, Commerce & MoreCWE-200 4.3 Medium2025-03-08
CVE-2025-1325 WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Exeuction — WP-Recall – Registration, Profile, Commerce & MoreCWE-862 6.3 Medium2025-03-08
CVE-2025-1324 WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — WP-Recall – Registration, Profile, Commerce & MoreCWE-79 6.4 Medium2025-03-08
CVE-2024-8292 WP-Recall – Registration, Profile, Commerce & More <= 16.26.8 - Insecure Direct Object Reference to Unauthenticated Arbitrary Password Update — WP-Recall – Registration, Profile, Commerce & MoreCWE-639 9.8 Critical2024-09-06
CVE-2024-1175 WP-Recall – Registration, Profile, Commerce & More <= 16.26.6 - Unauthenticated Payment Deletion via delete_payment — WP-Recall – Registration, Profile, Commerce & MoreCWE-862 5.3 Medium2024-06-06

This page lists every published CVE security advisory associated with wppost. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.