Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wpweaver — Vulnerabilities & Security Advisories 7

Browse all 7 CVE security advisories affecting wpweaver. AI-powered Chinese analysis, POCs, and references for each vulnerability.

wpweaver is a WordPress plugin primarily used for page building and design customization. Historically, it has been associated with multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS) issues, and privilege escalation flaws. The plugin's complex architecture and extensive shortcode functionality have frequently introduced security risks, with seven CVEs documented to date. Notable incidents include cases where insufficient input validation allowed attackers to execute arbitrary code or manipulate content through crafted requests. wpweaver's broad user base and integration with multiple WordPress themes have amplified the impact of these vulnerabilities, making regular updates and proper input sanitization critical for maintaining security.

Top products by wpweaver: Weaver Show Posts Weaver Xtreme Weaver Xtreme Theme Support Weaver Themes Shortcode Compatibility Turnkey bbPress by WeaverTheme
CVE IDTitleCVSSSeverityPublished
CVE-2026-2121 Weaver Show Posts <= 1.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting — Weaver Show PostsCWE-79 4.4 Medium2026-03-21
CVE-2025-22267 WordPress Weaver Themes Shortcode Compatibility Plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability — Weaver Themes Shortcode CompatibilityCWE-79 6.5 Medium2025-01-21
CVE-2024-12221 Turnkey bbPress by WeaverTheme <= 1.6.3 - Reflected Cross-Site Scripting via _wpnonce Parameter — Turnkey bbPress by WeaverThemeCWE-79 6.1 Medium2025-01-04
CVE-2024-4939 Weaver Xtreme Theme Support <= 6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via div Shortcode — Weaver Xtreme Theme SupportCWE-79 6.4 Medium2024-06-05
CVE-2023-6990 Weaver Xtreme <= 6.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Weaver XtremeCWE-79 5.4 Medium2024-01-11
CVE-2023-1404 Weaver Show Posts <= 1.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Display Name — Weaver Show PostsCWE-79 6.4 Medium2023-06-09
CVE-2023-1403 Weaver Xtreme Theme <= 5.0.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Display Name — Weaver XtremeCWE-79 6.4 Medium2023-06-09

This page lists every published CVE security advisory associated with wpweaver. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.