Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

stellarwp — Vulnerabilities & Security Advisories 115

Browse all 115 CVE security advisories affecting stellarwp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products stellarwp:GiveWP – Donation Plugin and Fundraising PlatformKadence Blocks — Page Builder Toolkit for Gutenberg EditorThe Events CalendarGiveWPMembership Plugin – Restrict ContentLearnDash LMSEvent Tickets and RegistrationGutenberg Blocks by Kadence BlocksWPCompleteKadence WooCommerce Email DesignerEvent TicketsiThemes SyncRestrict ContentBookit — Booking & Appointment CalendarLearnDash LMS – ReportsVirtueGive – Divi Donation Modules
CVE IDTitleCVSSSeverityPaused
CVE-2026-2826 Kadence Blocks — Page Builder Toolkit for Gutenberg Editor <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-862 4.3 Medium2026-04-04
CVE-2026-32546 WordPress Restrict Content plugin <= 3.2.22 - Broken Access Control vulnerability — Restrict ContentCWE-862 8.1 -2026-03-25
CVE-2026-3079 LearnDash LMS <= 5.0.3 - Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Parameter — LearnDash LMSCWE-89 6.5 Medium2026-03-24
CVE-2026-4136 Membership Plugin – Restrict Content <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect — Membership Plugin – Restrict ContentCWE-640 4.3 Medium2026-03-20
CVE-2026-3585 The Events Calendar <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import — The Events CalendarCWE-22 7.5 High2026-03-10
CVE-2026-1321 Membership Plugin – Restrict Content <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level' — Membership Plugin – Restrict ContentCWE-862 8.1 High2026-03-05
CVE-2026-2694 The Events Calendar <= 6.15.16 - Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API — The Events CalendarCWE-285 5.4 Medium2026-02-25
CVE-2026-27056 WordPress iThemes Sync plugin <= 3.2.8 - Broken Access Control vulnerability — iThemes SyncCWE-862 8.2AIHighAI2026-02-19
CVE-2026-2633 Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-862 4.3 Medium2026-02-18
CVE-2026-1857 Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-918 4.3 Medium2026-02-18
CVE-2026-1304 Membership Plugin – Restrict Content <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings — Membership Plugin – Restrict ContentCWE-79 4.4 Medium2026-02-18
CVE-2026-2608 Gutenberg Blocks by Kadence Blocks <= 3.5.32 - Missing Authorization — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-862 4.3 Medium2026-02-17
CVE-2025-15043 The Events Calendar <= 6.15.13 - Missing Authorization to Authenticated (Subscriber+) Data Migration Control — The Events CalendarCWE-862 5.4 Medium2026-01-20
CVE-2025-14844 Membership Plugin – Restrict Content <= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure — Membership Plugin – Restrict ContentCWE-639 8.2 High2026-01-16
CVE-2025-69352 WordPress The Events Calendar plugin <= 6.15.12.2 - Broken Access Control vulnerability — The Events CalendarCWE-862 5.4 Medium2026-01-06
CVE-2025-14000 Membership Plugin – Restrict Content <= 3.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes — Membership Plugin – Restrict ContentCWE-79 6.4 Medium2025-12-23
CVE-2025-67467 WordPress GiveWP plugin <= 4.13.1 - Cross Site Request Forgery (CSRF) vulnerability — GiveWPCWE-352 5.4 Medium2025-12-09
CVE-2025-66533 WordPress GiveWP plugin <= 4.13.1 - Arbitrary Shortocde Execution vulnerability — GiveWPCWE-94 6.5 Medium2025-12-09
CVE-2025-13387 Kadence WooCommerce Email Designer <= 1.5.17 - Unauthenticated Stored Cross-Site Scripting — Kadence WooCommerce Email DesignerCWE-79 7.2 High2025-12-02
CVE-2025-13206 GiveWP - Donation Plugin and Fundraising Platform <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name' — GiveWP – Donation Plugin and Fundraising PlatformCWE-79 7.2 High2025-11-19
CVE-2025-12633 Booking Calendar | Appointment Booking | Bookit <= 2.5.0 - Missing Authorization to Unauthenticated Stripe Connection — Bookit — Booking & Appointment CalendarCWE-862 7.5 High2025-11-12
CVE-2025-12192 The Events Calendar <= 6.15.9 - Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposure — The Events CalendarCWE-697 5.3 Medium2025-11-05
CVE-2025-12197 The Events Calendar 6.15.1.1 - 6.15.9 - Unauthenticated SQL Injection via s — The Events CalendarCWE-89 7.5 High2025-11-05
CVE-2025-12175 The Events Calendar <= 6.15.9 - Missing Authorization to Authenticated (Subscriber+) Draft Event Title/QR Code Exposure — The Events CalendarCWE-862 4.3 Medium2025-10-31
CVE-2025-62027 WordPress Event Tickets plugin <= 5.26.3 - Broken Access Control vulnerability — Event TicketsCWE-862--AI2025-10-22
CVE-2025-49906 WordPress WPComplete plugin <= 2.9.5.3 - Broken Access Control vulnerability — WPCompleteCWE-862 5.3 Medium2025-10-22
CVE-2025-11517 Event Tickets and Registration <= 5.26.5 - Unauthenticated Ticket Payment Bypass — Event Tickets and RegistrationCWE-639 7.5 High2025-10-18
CVE-2025-11228 GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign Association — GiveWP – Donation Plugin and Fundraising PlatformCWE-862 5.3 Medium2025-10-04
CVE-2025-11227 GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms and Campaigns Disclosure — GiveWP – Donation Plugin and Fundraising PlatformCWE-285 6.5 Medium2025-10-04
CVE-2025-58974 WordPress WPComplete Plugin <= 2.9.5.2 - Cross Site Scripting (XSS) Vulnerability — WPCompleteCWE-79 6.5 Medium2025-09-22

This page lists every published CVE security advisory associated with stellarwp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.