Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

kraftplugins — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting kraftplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by kraftplugins:Demo Importer PlusMega ElementsMega Elements – Addons for ElementorWheel of Life: Coaching and Assessment Tool for Life Coach
CVE IDTitleCVSSSeverityPublished
CVE-2025-14478 Demo Importer Plus <= 2.0.9 - Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload — Demo Importer PlusCWE-611 7.5 High2026-01-17
CVE-2025-14364 Demo Importer Plus <= 2.0.8 - Missing Authorization to Authenticated (Subscriber+) Site Reset and Privilege Escalation — Demo Importer PlusCWE-862 8.8 High2025-12-18
CVE-2025-13066 Demo Importer Plus <= 2.0.6 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass — Demo Importer PlusCWE-434 8.8 High2025-12-05
CVE-2025-8200 Mega Elements – Addons for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget — Mega Elements – Addons for ElementorCWE-79 6.4 Medium2025-09-26
CVE-2024-9172 Demo Importer Plus <= 2.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — Demo Importer PlusCWE-79 6.4 Medium2024-10-02
CVE-2024-37466 WordPress Mega Elements plugin <= 1.2.2 - Contributor+ Cross Site Scripting (XSS) vulnerability — Mega ElementsCWE-79 6.5 Medium2024-07-21
CVE-2024-3627 Wheel of Life: Coaching and Assessment Tool for Life Coach <= 1.1.7 - Missing Authorization on Several AJAX Endpoints — Wheel of Life: Coaching and Assessment Tool for Life CoachCWE-862 5.4 Medium2024-06-20
CVE-2024-4702 Mega Elements <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget — Mega Elements – Addons for ElementorCWE-79 6.4 Medium2024-05-15
CVE-2024-32575 WordPress Mega Elements plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability — Mega ElementsCWE-79 6.5 Medium2024-04-18

This page lists every published CVE security advisory associated with kraftplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.