wpwax — Vulnerabilities & Security Advisories 36

Browse all 36 CVE security advisories affecting wpwax. AI-powered Chinese analysis, POCs, and references for each vulnerability.

wpWax is a WordPress plugin framework designed to facilitate the creation of custom themes and plugins, primarily serving developers and agencies seeking to streamline website construction. Its widespread adoption has made it a frequent target for attackers, resulting in thirty-six recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and Privilege Escalation, often stemming from insufficient input validation and improper sanitization of user-supplied data. These flaws typically allow unauthenticated attackers to execute arbitrary code or manipulate administrative functions. While wpWax itself is not inherently malicious, its complex architecture and reliance on third-party extensions have historically introduced significant security risks. Recent patches have addressed critical RCE vectors, yet the high volume of past incidents underscores the necessity for rigorous code auditing and timely updates to mitigate exploitation risks in environments utilizing this framework.

Found 8 results / 36

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-12174 | Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.5.2 - Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update | Directorist: AI-Powered Business Directory, Listings & Classified Ads | CWE-862 | 6.5 | Medium | 2025-11-19 |
| CVE-2025-10488 | Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.4.8 - Authenticated (Subscriber+) Arbitrary File Move | Directorist: AI-Powered Business Directory, Listings & Classified Ads | CWE-22 | 8.1 | High | 2025-10-25 |
| CVE-2025-2224 | Directorist <= 8.2 - Missing Authorization to Unauthenticated Arbitrary Post Publishing | Directorist: AI-Powered Business Directory, Listings & Classified Ads | CWE-862 | 5.3 | Medium | 2025-03-25 |
| CVE-2025-1570 | Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.1 - Privilege Escalation and Account Takeover via Weak OTP | Directorist: AI-Powered Business Directory, Listings & Classified Ads | CWE-640 | 8.1 | High | 2025-02-28 |
| CVE-2024-12041 | Directorist – AI-Powered WordPress Business Directory Plugin with Classified Ads Listings <= 8.0.12 - Unauthenticated User Information Exposure | Directorist: AI-Powered Business Directory, Listings & Classified Ads | CWE-359 | 5.3 | Medium | 2025-02-01 |
| CVE-2024-1322 | Directorist <= 7.8.4 - Missing Authorization to Unauthenticated Settings Change | Directorist: AI-Powered Business Directory, Listings & Classified Ads | CWE-862 | 5.3 | Medium | 2024-02-20 |
| CVE-2023-1889 | Directorist <= 7.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion in listing_task | Directorist: AI-Powered Business Directory, Listings & Classified Ads | CWE-639 | 6.5 | Medium | 2023-06-09 |
| CVE-2023-1888 | Directorist <= 7.5.4 - Authenticated (Subscriber+) Arbitrary User Password Reset to Privilege Escalation | Directorist: AI-Powered Business Directory, Listings & Classified Ads | CWE-20 | 8.8 | High | 2023-06-09 |

This page lists every published CVE security advisory associated with wpwax. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.