
stellarwp — Vulnerabilities & Security Advisories (115)

Browse all 115 CVE security advisories affecting stellarwp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-9808 | The Events Calendar <= 6.15.2 - Missing Authorization to Unauthenticated Password-Protected Information Disclosure | The Events Calendar | CWE-200 | 5.3 | Medium | 2025-09-16 |
| CVE-2025-9807 | The Events Calendar <= 6.15.1 - Unauthenticated SQL Injection | The Events Calendar | CWE-89 | 7.5 | High | 2025-09-12 |
| CVE-2025-7221 | GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update | GiveWP – Donation Plugin and Fundraising Platform | CWE-285 | 4.3 | Medium | 2025-08-21 |
| CVE-2025-54697 | WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.16 - Privilege Escalation Vulnerability | Kadence WooCommerce Email Designer | CWE-266 | 7.2 | High | 2025-08-14 |
| CVE-2025-8620 | GiveWP – Donation Plugin and Fundraising Platform <= 4.6.0 - Unauthenticated Donor Data Exposure | GiveWP – Donation Plugin and Fundraising Platform | CWE-200 | 5.3 | Medium | 2025-08-06 |
| CVE-2025-7205 | GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Authenticated (GiveWP worker+) Stored Cross-Site Scripting | GiveWP – Donation Plugin and Fundraising Platform | CWE-79 | 5.4 | Medium | 2025-07-31 |
| CVE-2025-5678 | Kadence Blocks – Gutenberg Blocks for Page Builder Features <= 3.5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via `redirectURL` Parameter | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | CWE-79 | 6.4 | Medium | 2025-07-09 |
| CVE-2025-50046 | WordPress WPComplete plugin <= 2.9.5 - Cross Site Scripting (XSS) Vulnerability | WPComplete | CWE-79 | 6.5 | Medium | 2025-06-20 |
| CVE-2025-4571 | GiveWP – Donation Plugin and Fundraising Platform <= 4.3.0 - Missing Authorization To Authenticated (Contributor+) Campaign Data View And Modification | GiveWP – Donation Plugin and Fundraising Platform | CWE-862 | 5.4 | Medium | 2025-06-19 |
| CVE-2025-5144 | The Events Calendar <= 6.13.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | The Events Calendar | CWE-79 | 6.4 | Medium | 2025-06-11 |
| CVE-2025-48246 | WordPress The Events Calendar plugin <= 6.11.2.1 - Broken Access Control Vulnerability | The Events Calendar | CWE-862 | 5.4 | Medium | 2025-05-19 |
| CVE-2025-39557 | WordPress Kadence WooCommerce Email Designer plugin <= 1.5.14 - Arbitrary File Upload vulnerability | Kadence WooCommerce Email Designer | CWE-434 | 9.1 | Critical | 2025-04-16 |
| CVE-2025-30794 | WordPress Event Tickets plugin <= 5.20.0 - Reflected Cross Site Scripting (XSS) vulnerability | Event Tickets | CWE-79 | 7.1 | High | 2025-04-01 |
| CVE-2025-2331 | GiveWP – Donation Plugin and Fundraising Platform <= 3.22.1 - Authenticated (Subscriber+) Sensitive Information Exposure | GiveWP – Donation Plugin and Fundraising Platform | CWE-200 | 5.3 | Medium | 2025-03-22 |
| CVE-2025-2025 | Give <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function | GiveWP – Donation Plugin and Fundraising Platform | CWE-862 | 6.5 | Medium | 2025-03-15 |
| CVE-2025-0912 | GiveWP – Donation Plugin and Fundraising Platform <= 3.19.4 - Unauthenticated PHP Object Injection | GiveWP – Donation Plugin and Fundraising Platform | CWE-502 | 9.8 | Critical | 2025-03-04 |
| CVE-2025-1291 | Gutenberg Blocks by Kadence Blocks <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'icon' | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | CWE-79 | 6.4 | Medium | 2025-03-01 |
| CVE-2025-22633 | WordPress Give – Divi Donation Modules plugin <= 2.0.0 - Sensitive Data Exposure vulnerability | Give – Divi Donation Modules | CWE-538 | 7.5 | - | 2025-02-23 |
| CVE-2025-1402 | Event Tickets and Registration <= 5.19.1.1 - Missing Authorization to Ticket Deletion | Event Tickets and Registration | CWE-862 | 5.3 | Medium | 2025-02-21 |
| CVE-2024-13457 | Event Tickets <= 5.18.1 - Insecure Direct Object Reference to Sensitive Information Exposure | Event Tickets and Registration | CWE-284 | 5.3 | Medium | 2025-01-30 |
| CVE-2025-24537 | WordPress The Events Calendar plugin <= 6.7.0 - Cross Site Request Forgery (CSRF) vulnerability | The Events Calendar | CWE-352 | 5.4 | Medium | 2025-01-27 |
| CVE-2024-11090 | Membership Plugin – Restrict Content <= 3.2.13 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | Membership Plugin – Restrict Content | CWE-200 | 5.3 | Medium | 2025-01-26 |
| CVE-2025-24753 | WordPress Kadence Blocks plugin <= 3.3.1 - Broken Access Control vulnerability | Gutenberg Blocks by Kadence Blocks | CWE-862 | 4.3 | Medium | 2025-01-24 |
| CVE-2024-12118 | The Events Calendar <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | The Events Calendar | CWE-79 | 6.4 | Medium | 2025-01-23 |
| CVE-2025-22777 | WordPress GiveWP Plugin <= 3.19.3 - PHP Object Injection vulnerability | GiveWP | CWE-502 | 9.8 | Critical | 2025-01-13 |
| CVE-2024-12877 | GiveWP – Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection | GiveWP – Donation Plugin and Fundraising Platform | CWE-502 | 9.8 | Critical | 2025-01-11 |
| CVE-2024-12304 | Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.4.2 - Authenticated (contributor+) Stored Cross-Site Scripting via Button Link | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | CWE-79 | 6.4 | Medium | 2025-01-11 |
| CVE-2024-38762 | WordPress Event Tickets and Registration plugin <= 5.11.0.4 - Cross Site Request Forgery (CSRF) vulnerability | Event Tickets | CWE-352 | 4.3 | Medium | 2025-01-02 |
| CVE-2024-37518 | WordPress The Events Calendar plugin <= 6.5.1.4 - Cross Site Request Forgery (CSRF) vulnerability | The Events Calendar | CWE-352 | 4.3 | Medium | 2025-01-02 |
| CVE-2023-47183 | WordPress GiveWP plugin <= 2.33.1 - Broken Access Control vulnerability | GiveWP | CWE-862 | 7.1 | - | 2025-01-02 |

This page lists every published CVE security advisory associated with stellarwp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.