Browse all 23 CVE security advisories affecting wpzoom. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WPZOOM operates as a developer of WordPress plugins and themes, primarily targeting small business owners and bloggers seeking customizable website solutions. Security audits have identified twenty-three Common Vulnerabilities and Exposures (CVEs) associated with its software ecosystem, reflecting significant historical security gaps. The most prevalent vulnerability classes include Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE), often stemming from insufficient input validation and improper sanitization of user-supplied data. Additionally, several instances of broken access control and privilege escalation have been documented, allowing unauthorized users to manipulate administrative functions. While specific major public breaches directly attributed to WPZOOM products remain limited in widespread media coverage, the high volume of CVEs indicates a pattern of delayed patching and inadequate security testing during development. This profile underscores the risks inherent in using plugins with a history of poor security hygiene, necessitating rigorous third-party audits and immediate updates for any deployed instances.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-8592 | Inspiro <= 2.1.2 - Cross-Site Request Forgery to Arbitrary Plugin Installation — InspiroCWE-352 | 8.1 | High | 2025-08-21 |
This page lists every published CVE security advisory associated with wpzoom. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.