WPClever — Vulnerabilities & Security Advisories 28

Browse all 28 CVE security advisories affecting WPClever. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CVE ID	Title	CVSS	Severity	Paused
CVE-2026-32407	WordPress WPC Smart Wishlist for WooCommerce plugin <= 5.0.8 - Broken Access Control vulnerability — WPC Smart Wishlist for WooCommerceCWE-862	8.1	-	2026-03-13
CVE-2026-32406	WordPress WPC Product Bundles for WooCommerce plugin <= 8.4.5 - Broken Access Control vulnerability — WPC Product Bundles for WooCommerceCWE-862	8.1	-	2026-03-13
CVE-2025-60248	WordPress WPC Product Options for WooCommerce plugin <= 3.1.3 - Local File Inclusion vulnerability — WPC Product Options for WooCommerceCWE-98	9.1	-	2025-11-06
CVE-2025-12115	WPC Name Your Price for WooCommerce <= 2.1.9 - Unauthenticated Price Alteration — WPC Name Your Price for WooCommerceCWE-602	7.5	High	2025-10-31
CVE-2025-62903	WordPress WPC Smart Messages for WooCommerce plugin <= 4.2.8 - Cross Site Scripting (XSS) vulnerability — WPC Smart Messages for WooCommerceCWE-79	6.5	Medium	2025-10-27
CVE-2025-49908	WordPress WPC Countdown Timer for WooCommerce plugin <= 3.1.4 - Cross Site Scripting (XSS) vulnerability — WPC Countdown Timer for WooCommerceCWE-79	5.4^AI	Medium^AI	2025-10-22
CVE-2025-11741	WPC Smart Quick View for WooCommerce <= 4.2.5 - Insecure Direct Object Reference to Unauthenticated Private Product Exposure — WPC Smart Quick View for WooCommerceCWE-639	5.3	Medium	2025-10-18
CVE-2025-11742	WPC Smart Wishlist for WooCommerce <= 5.0.4 - Missing Authorization to Authenticated (Subscriber+) Information Exposure — WPC Smart Wishlist for WooCommerceCWE-862	4.3	Medium	2025-10-18
CVE-2025-11518	WPC Smart Wishlist for WooCommerce <= 5.0.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation — WPC Smart Wishlist for WooCommerceCWE-639	5.3	Medium	2025-10-11
CVE-2025-8618	WPC Smart Quick View for WooCommerce <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via woosq_btn Shortcode — WPC Smart Quick View for WooCommerceCWE-79	6.4	Medium	2025-08-20
CVE-2025-7496	WPC Smart Compare for WooCommerce <= 6.4.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — WPC Smart Compare for WooCommerceCWE-79	6.4	Medium	2025-08-19
CVE-2025-5530	WPC Smart Compare for WooCommerce <= 6.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — WPC Smart Compare for WooCommerceCWE-79	6.4	Medium	2025-07-11
CVE-2025-3418	WPC Admin Columns 2.0.6 - 2.1.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update — WPC Admin ColumnsCWE-269	8.8	High	2025-04-12
CVE-2025-30825	WordPress WPC Smart Linked Products plugin <= 1.3.5 - Privilege Escalation vulnerability — WPC Smart Linked Products - Upsells & Cross-sells for WooCommerceCWE-862	8.8	High	2025-04-01
CVE-2025-30772	WordPress WPC Smart Upsell Funnel for WooCommerce plugin <= 3.0.4 - Arbitrary Option Update to Privilege Escalation vulnerability — WPC Smart Upsell Funnel for WooCommerceCWE-862	8.8	High	2025-03-27
CVE-2024-12432	WPC Shop as a Customer for WooCommerce <= 1.2.8 - Authentication Bypass Due to Insufficiently Unique Key — WPC Shop as a Customer for WooCommerceCWE-330	8.1	High	2024-12-18
CVE-2024-12004	WPC Order Notes for WooCommerce <= 1.5.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting — WPC Order Notes for WooCommerceCWE-352	6.1	Medium	2024-12-11
CVE-2024-43312	WordPress WPC Frequently Bought Together for WooCommerce plugin <= 7.1.9 - Broken Access Control vulnerability — WPC Frequently Bought Together for WooCommerceCWE-862	5.4	Medium	2024-11-01
CVE-2024-10437	WPC Smart Messages for WooCommerce <= 4.2.1 - Missing Authorization to Authenticated (Subscriber+) Message Activation/Deactivation — WPC Smart Messages for WooCommerceCWE-862	4.3	Medium	2024-10-29
CVE-2024-10436	WPC Smart Messages for WooCommerce <= 4.2.1 - Authenticated (Subscriber+) Local File Inclusion — WPC Smart Messages for WooCommerceCWE-98	8.8	High	2024-10-29
CVE-2024-50416	WordPress WPC Shop as a Customer for WooCommerce plugin <= 1.2.6 - PHP Object Injection vulnerability — WPC Shop as a Customer for WooCommerceCWE-502	8.8	High	2024-10-28
CVE-2024-30537	WordPress WPC Badge Management for WooCommerce plugin <= 2.4.0 - Broken Access Control vulnerability — WPC Badge Management for WooCommerceCWE-862	4.3	Medium	2024-06-09
CVE-2024-2838	WPC Composite Products for WooCommerce <= 7.2.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting — WPC Composite Products for WooCommerceCWE-79	6.4	Medium	2024-04-27
CVE-2024-32687	WordPress WPC Frequently Bought Together for WooCommerce plugin <= 7.0.3 - Broken Access Control vulnerability — WPC Frequently Bought Together for WooCommerceCWE-862	4.3	Medium	2024-04-22
CVE-2024-32520	WordPress WPC Grouped Product for WooCommerce plugin <= 4.4.2 - Broken Access Control vulnerability — WPC Grouped Product for WooCommerceCWE-862	4.3	Medium	2024-04-17
CVE-2023-6494	WPC Smart Quick View for WooCommerce <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting — WPC Smart Quick View for WooCommerceCWE-79	4.4	Medium	2024-04-13
CVE-2023-52127	WordPress WPC Product Bundles for WooCommerce Plugin <= 7.3.1 is vulnerable to Cross Site Request Forgery (CSRF) — WPC Product Bundles for WooCommerceCWE-352	4.3	Medium	2024-01-05
CVE-2023-34386	WordPress WPC Smart Wishlist for WooCommerce Plugin <= 4.7.1 is vulnerable to Cross Site Request Forgery (CSRF) — WPC Smart Wishlist for WooCommerceCWE-352	8.8	-	2023-11-09

This page lists every published CVE security advisory associated with WPClever. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Support Us — Your donation helps us keep running

WPClever — Vulnerabilities & Security Advisories 28