Browse all 36 CVE security advisories affecting wpwax. AI-powered Chinese analysis, POCs, and references for each vulnerability.
wpWax is a WordPress plugin framework designed to facilitate the creation of custom themes and plugins, primarily serving developers and agencies seeking to streamline website construction. Its widespread adoption has made it a frequent target for attackers, resulting in thirty-six recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and Privilege Escalation, often stemming from insufficient input validation and improper sanitization of user-supplied data. These flaws typically allow unauthenticated attackers to execute arbitrary code or manipulate administrative functions. While wpWax itself is not inherently malicious, its complex architecture and reliance on third-party extensions have historically introduced significant security risks. Recent patches have addressed critical RCE vectors, yet the high volume of past incidents underscores the necessity for rigorous code auditing and timely updates to mitigate exploitation risks in environments utilizing this framework.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-31857 | WordPress Directorist AddonsKit for Elementor plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability — Directorist AddonsKit for ElementorCWE-79 | 6.5 | Medium | 2025-04-01 |
This page lists every published CVE security advisory associated with wpwax. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.