wpwax — Vulnerabilities & Security Advisories (36)

Browse all 36 CVE security advisories affecting wpwax. AI-powered Chinese analysis, POCs, and references for each vulnerability.

wpWax is a WordPress plugin framework designed to facilitate the creation of custom themes and plugins, primarily serving developers and agencies seeking to streamline website construction. Its widespread adoption has made it a frequent target for attackers, resulting in thirty-six recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and Privilege Escalation, often stemming from insufficient input validation and improper sanitization of user-supplied data. These flaws typically allow unauthenticated attackers to execute arbitrary code or manipulate administrative functions. While wpWax itself is not inherently malicious, its complex architecture and reliance on third-party extensions have historically introduced significant security risks. Recent patches have addressed critical RCE vectors, yet the high volume of past incidents underscores the necessity for rigorous code auditing and timely updates to mitigate exploitation risks in environments utilizing this framework.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2023-47824 | WordPress Legal Pages Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF) — Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator (CWE-352) | 5.4 | Medium | 2023-11-22 |
| CVE-2023-41798 | WordPress Directorist Plugin <= 7.7.1 is vulnerable to CSV Injection — Directorist – WordPress Business Directory Plugin with Classified Ads Listings (CWE-1236) | 5.1 | Medium | 2023-11-07 |
| CVE-2023-1889 | Directorist <= 7.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion in listing_task — Directorist: AI-Powered Business Directory, Listings & Classified Ads (CWE-639) | 6.5 | Medium | 2023-06-09 |
| CVE-2023-1888 | Directorist <= 7.5.4 - Authenticated (Subscriber+) Arbitrary User Password Reset to Privilege Escalation — Directorist: AI-Powered Business Directory, Listings & Classified Ads (CWE-20) | 8.8 | High | 2023-06-09 |
| CVE-2022-34650 | WordPress Team plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities — Team (WordPress plugin) (CWE-79) | 4.1 | Medium | 2022-07-22 |
| CVE-2022-34853 | WordPress Team plugin <= 1.2.6 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities — Team (WordPress plugin) (CWE-79) | 4.1 | Medium | 2022-07-22 |

This page lists every published CVE security advisory associated with wpwax. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.