Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

stellarwp — Vulnerabilities & Security Advisories 115

Browse all 115 CVE security advisories affecting stellarwp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products stellarwp:GiveWP – Donation Plugin and Fundraising PlatformKadence Blocks — Page Builder Toolkit for Gutenberg EditorThe Events CalendarGiveWPMembership Plugin – Restrict ContentLearnDash LMSEvent Tickets and RegistrationGutenberg Blocks by Kadence BlocksWPCompleteKadence WooCommerce Email DesignerEvent TicketsiThemes SyncRestrict ContentBookit — Booking & Appointment CalendarLearnDash LMS – ReportsVirtueGive – Divi Donation Modules
CVE IDTitleCVSSSeverityPaused
CVE-2023-40001 WordPress iThemes Sync plugin <= 2.1.13 - Broken Access Control vulnerability — iThemes SyncCWE-862 4.3 Medium2024-12-13
CVE-2023-35777 WordPress The Events Calendar plugin <= 6.1.2.2 - Broken Access Control vulnerability — The Events CalendarCWE-862 5.3 Medium2024-12-13
CVE-2024-12581 Kadence Blocks <= 3.2.53 - Authenticated (Admin+) Stored Cross-Site Scripting — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 4.4 Medium2024-12-13
CVE-2024-10785 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-11-21
CVE-2024-9655 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-11-01
CVE-2024-9634 GiveWP – Donation Plugin and Fundraising Platform <= 3.16.3 - Unauthenticated PHP Object Injection to Remote Code Execution — GiveWP – Donation Plugin and Fundraising PlatformCWE-502 9.8 Critical2024-10-16
CVE-2024-8353 GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection — GiveWP – Donation Plugin and Fundraising PlatformCWE-502 9.8 Critical2024-09-28
CVE-2024-6931 The Events Calendar <= 6.6.3 - Unauthenticated Stored Cross-Site Scripting — The Events CalendarCWE-79 7.2 High2024-09-27
CVE-2024-9130 GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Authenticated (GiveWP Manager+) SQL Injection via order Parameter — GiveWP – Donation Plugin and Fundraising PlatformCWE-89 7.2 High2024-09-27
CVE-2024-47315 WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 3.15.1 - Cross Site Request Forgery (CSRF) vulnerability — GiveWPCWE-352 5.4 Medium2024-09-25
CVE-2024-8275 The Events Calendar <= 6.6.4 - Unauthenticated SQL Injection — The Events CalendarCWE-89 9.8 Critical2024-09-25
CVE-2024-6551 GiveWP <= 3.15.1 - Unauthenticated Full Path Disclosure — GiveWP – Donation Plugin and Fundraising PlatformCWE-200 5.3 Medium2024-08-29
CVE-2024-5940 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Unauthenticated Event Settings Update — GiveWP – Donation Plugin and Fundraising PlatformCWE-862 6.5 Medium2024-08-20
CVE-2024-5939 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Limited Information Exposure — GiveWP – Donation Plugin and Fundraising PlatformCWE-862 5.3 Medium2024-08-20
CVE-2024-5932 GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution — GiveWP – Donation Plugin and Fundraising PlatformCWE-502 10.0 Critical2024-08-20
CVE-2024-5941 GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Missing Authorization to Authenticated (Subscriber+) Limited File Deletion — GiveWP – Donation Plugin and Fundraising PlatformCWE-862 5.4 Medium2024-08-20
CVE-2024-5977 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Insecure Direct Object Reference to Authenticated (GiveWP Worker+) Arbitrary Post Actions — GiveWP – Donation Plugin and Fundraising PlatformCWE-639 5.4 Medium2024-07-19
CVE-2024-5648 LearnDash LMS - Reports Free <= 1.8.2.1 - Missing Authorization to Plugin Settings Update — LearnDash LMS – ReportsCWE-862 5.4 Medium2024-07-09
CVE-2024-5819 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.45 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-06-29
CVE-2024-5289 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting in Google Maps Widget — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-06-27
CVE-2024-4863 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-06-14
CVE-2024-35679 WordPress GiveWP plugin <= 3.12.0 - Reflected Cross Site Scripting (XSS) vulnerability — GiveWPCWE-79 7.1 High2024-06-08
CVE-2024-3714 GiveWP – Donation Plugin and Fundraising Platform <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — GiveWP – Donation Plugin and Fundraising PlatformCWE-79 6.4 Medium2024-05-18
CVE-2024-4208 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typer Effect — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-05-15
CVE-2024-3189 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 5.4 Medium2024-05-15
CVE-2024-4209 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-05-11
CVE-2024-4481 Gutenberg Blocks with AI by Kadence WP <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Link — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-05-10
CVE-2024-2273 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.34 - Authenticated (Contributor+) Stored Cross-Site Scripting — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-05-02
CVE-2024-4034 Virtue <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Author — VirtueCWE-79 6.4 Medium2024-05-02
CVE-2024-31432 WordPress Restrict Content plugin <= 3.2.8 - Broken Access Control vulnerability — Restrict ContentCWE-862 5.3 Medium2024-04-15

This page lists every published CVE security advisory associated with stellarwp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.