Browse all 3 CVE security advisories affecting wpzest. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WPZest is a WordPress plugin designed to enhance site functionality through customizable layouts and design elements. Historically, it has been susceptible to multiple security vulnerabilities, including cross-site scripting (XSS) and remote code execution (RCE) flaws, often stemming from insufficient input validation and improper sanitization. The plugin's three recorded CVEs highlight these recurring issues, with some instances allowing attackers to execute arbitrary code or escalate privileges by exploiting improper access controls. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities suggests that WPZest requires careful implementation and regular updates to mitigate potential security risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-9366 | Easy Menu Manager | WPZest <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — Easy Menu Manager | WPZestCWE-79 | 6.4 | Medium | 2024-10-18 |
| CVE-2024-32135 | WordPress Disable Comments | WPZest plugin <= 1.51 - SQL Injection vulnerability — Disable Comments | WPZestCWE-89 | 7.6 | High | 2024-04-15 |
| CVE-2023-40329 | WordPress Custom Admin Login Page | WPZest Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS) — Custom Admin Login Page | WPZestCWE-79 | 5.9 | Medium | 2023-09-06 |
This page lists every published CVE security advisory associated with wpzest. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.