Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WPChill — Vulnerabilities & Security Advisories 57

Browse all 57 CVE security advisories affecting WPChill. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by WPChill:Download MonitorKali Forms — Contact Form & Drag-and-Drop BuilderStrong TestimonialsModula Image Gallery – Photo Grid & Video GalleryImage Photo Gallery Final Tiles GridPassster – Password Protect Pages and ContentGallery PhotoBlocks (WordPress plugin)Image Gallery – Photo Grid & Video GallerySimple RestrictFilr – Secure document libraryCPO Content TypesQyrr – simply and modern QR-Code creationRSVP and Event ManagementRemove Footer CreditCPO ShortcodesBrillianceCPO CompanionModula Image Gallery (WordPress plugin)CPO Shortcodes (WordPress plugin)Download Monitor (WordPress plugin)
CVE IDTitleCVSSSeverityPublished
CVE-2023-6491 Strong Testimonials <= 3.1.12 - Authenticated(Contributor+) Improper Authorization to Views Modification — Strong TestimonialsCWE-284 4.3 Medium2024-06-07
CVE-2024-3269 Download Monitor <= 4.9.13 - Missing Authorization — Download MonitorCWE-285 5.4 Medium2024-05-30
CVE-2024-32429 WordPress Remove Footer Credit plugin <= 1.0.13 - Cross Site Scripting (XSS) vulnerability — Remove Footer CreditCWE-79 5.9 Medium2024-04-15
CVE-2024-2026 Passster <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_protector Shortcode — Passster – Password Protect Pages and ContentCWE-79 6.4 Medium2024-04-09
CVE-2024-30501 WordPress Download Monitor theme <= 4.9.4 - Auth. SQL Injection vulnerability — Download MonitorCWE-89 7.6 High2024-03-29
CVE-2024-1083 Simple Restrict <= 1.2.6 - Missing Authorization to Sensitive Information Exposure — Simple RestrictCWE-200 5.3 Medium2024-03-13
CVE-2024-1218 Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization — Kali Forms — Contact Form & Drag-and-Drop BuilderCWE-862 4.3 Medium2024-02-20
CVE-2024-1217 Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization to Arbitrary Plugin Deactivation — Kali Forms — Contact Form & Drag-and-Drop BuilderCWE-862 7.6 High2024-02-20
CVE-2024-0616 Passster – Password Protect Pages and Content <= 4.2.6.2 - Missing Authorization to Sensitive Information Exposure — Passster – Password Protect Pages and ContentCWE-200 5.3 Medium2024-02-20
CVE-2022-45354 WordPress Download Monitor Plugin <= 4.7.60 is vulnerable to Sensitive Data Exposure — Download MonitorCWE-200 5.3 Medium2024-01-08
CVE-2023-52123 WordPress Strong Testimonials Plugin <= 3.1.10 is vulnerable to Cross Site Request Forgery (CSRF) — Strong TestimonialsCWE-352 4.3 Medium2024-01-05
CVE-2023-34007 WordPress Download Monitor Plugin <= 4.8.3 is vulnerable to Arbitrary File Upload — Download MonitorCWE-434 9.9 Critical2023-12-20
CVE-2023-5704 CPO Shortcodes <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — CPO ShortcodesCWE-79 6.4 Medium2023-11-22
CVE-2023-31219 WordPress Download Monitor Plugin <= 4.8.1 is vulnerable to Server Side Request Forgery (SSRF) — Download MonitorCWE-918 4.1 Medium2023-11-13
CVE-2023-26013 WordPress Strong Testimonials Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS) — Strong TestimonialsCWE-79 6.5 Medium2023-06-16
CVE-2020-36721 Epsilon Framework Themes (Various Versions) - Unauthenticated Plugin Activation/Deactivation — BrillianceCWE-284 6.5 Medium2023-06-07
CVE-2020-36717 Kali Forms <= 2.1.1 - Cross-Site Request Forgery — Kali Forms — Contact Form & Drag-and-Drop BuilderCWE-352 8.8 High2023-06-07
CVE-2020-36720 Kali Forms <= 2.1.1 - Missing Authorization to Settings Update — Kali Forms — Contact Form & Drag-and-Drop BuilderCWE-862 7.1 High2023-06-07
CVE-2020-36712 Kali Forms <= 2.1.1 - Unauthenticated Arbitrary Post Deletion — Kali Forms — Contact Form & Drag-and-Drop BuilderCWE-862 8.6 High2023-06-07
CVE-2023-25451 WordPress CPO Content Types Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS) — CPO Content TypesCWE-79 5.9 Medium2023-04-23
CVE-2023-0162 CPO Companion <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting — CPO CompanionCWE-79 5.5 Medium2023-01-10
CVE-2022-41135 WordPress Modula plugin <= 2.6.9 - Unauth. Plugin Settings Change vulnerability — Modula Image Gallery (WordPress plugin)CWE-284 6.5 Medium2022-11-18
CVE-2022-40672 WordPress CPO Shortcodes plugin <= 1.5.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability — CPO Shortcodes (WordPress plugin)CWE-79 4.8 Medium2022-09-23
CVE-2022-37407 WordPress Gallery PhotoBlocks plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities — Gallery PhotoBlocks (WordPress plugin)CWE-79 4.1 Medium2022-09-09
CVE-2022-36292 WordPress Gallery PhotoBlocks plugin <= 1.2.6 - Cross-Site Request Forgery (CSRF) vulnerabilities — Gallery PhotoBlocks (WordPress plugin)CWE-352 5.4 Medium2022-08-23
CVE-2021-23174 WordPress Download Monitor plugin <= 4.4.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability — Download MonitorCWE-79 3.4 Low2022-01-28
CVE-2021-36920 WordPress plugin Download Monitor <= 4.4.6 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability — Download Monitor (WordPress plugin)CWE-79 4.8 Medium2022-01-14

This page lists every published CVE security advisory associated with WPChill. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.