Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WpOpal — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting WpOpal. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by WpOpal:Opal EstateOpal Estate Pro – Property Management and SubmissionOpal MembershipOpal Woo Custom Product VariationOpal Hotel Room Booking (WordPress plugin)GG Woo Feed for WooCommerce Shopping Feed on Google and Other ChannelsOpal Widgets For ElementorGutenGeek Free Gutenberg Blocks for WordPressOpal PortfolioGG Bought Together for WooCommerceOpal Service
CVE IDTitleCVSSSeverityPublished
CVE-2025-62913 WordPress Opal Service plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability — Opal ServiceCWE-79 6.5 Medium2025-10-27
CVE-2025-6934 Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user' — Opal Estate Pro – Property Management and SubmissionCWE-269 9.8 Critical2025-07-01
CVE-2025-23967 WordPress GG Bought Together for WooCommerce plugin <= 1.0.2 - SQL Injection Vulnerability — GG Bought Together for WooCommerceCWE-89 9.3 Critical2025-06-27
CVE-2025-47535 WordPress Opal Woo Custom Product Variation plugin <= 1.2.0 - Arbitrary File Deletion Vulnerability — Opal Woo Custom Product VariationCWE-22 8.6 High2025-05-23
CVE-2025-31748 WordPress Opal Portfolio Plugin <= 1.0.4 - Stored Cross Site Scripting (XSS) vulnerability — Opal PortfolioCWE-79 6.5 Medium2025-04-01
CVE-2024-52444 WordPress Opal Woo Custom Product Variation plugin <= 1.1.3 - Arbitrary File Deletion vulnerability — Opal Woo Custom Product VariationCWE-22 7.5 High2024-11-20
CVE-2024-9073 GutenGeek Free Gutenberg Blocks for WordPress <= 1.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — GutenGeek Free Gutenberg Blocks for WordPressCWE-79 6.4 Medium2024-09-25
CVE-2024-7649 Opal Membership <= 1.2.4 - Unauthenticated Stored Cross-Site Scripting — Opal MembershipCWE-79 6.1 Medium2024-08-10
CVE-2024-7648 Opal Membership <= 1.2.4 - Authenticated (Subscriber+) Information Disclosure — Opal MembershipCWE-862 4.3 Medium2024-08-10
CVE-2024-3666 Opal Estate Pro – Property Management and Submission <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — Opal Estate Pro – Property Management and SubmissionCWE-87 6.4 Medium2024-05-22
CVE-2024-33649 WordPress Opal Widgets For Elementor plugin <= 1.6.9 - Cross Site Scripting (XSS) vulnerability — Opal Widgets For ElementorCWE-79 6.5 Medium2024-04-29
CVE-2023-6638 GTG Product Feed for Shopping <= 1.2.4 - Missing Authorization to Unauthenticated Plugin Settings Update — GG Woo Feed for WooCommerce Shopping Feed on Google and Other ChannelsCWE-862 6.5 Medium2024-01-11
CVE-2021-4388 Opal Estate <= 1.6.11 - Missing Authorization — Opal EstateCWE-862 4.3 Medium2023-07-01
CVE-2021-4387 Opal Estate <= 1.6.11 - Cross-Site Request Forgery Bypass — Opal EstateCWE-352 4.3 Medium2023-07-01
CVE-2022-29449 WordPress Opal Hotel Room Booking plugin <= 1.2.7 - Stored Cross-Site Scripting (XSS) vulnerability — Opal Hotel Room Booking (WordPress plugin)CWE-79 4.1 Medium2022-05-19

This page lists every published CVE security advisory associated with WpOpal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.