Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

stellarwp — Vulnerabilities & Security Advisories 115

Browse all 115 CVE security advisories affecting stellarwp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products stellarwp:GiveWP – Donation Plugin and Fundraising PlatformKadence Blocks — Page Builder Toolkit for Gutenberg EditorThe Events CalendarGiveWPMembership Plugin – Restrict ContentLearnDash LMSEvent Tickets and RegistrationGutenberg Blocks by Kadence BlocksWPCompleteKadence WooCommerce Email DesignerEvent TicketsiThemes SyncRestrict ContentBookit — Booking & Appointment CalendarLearnDash LMS – ReportsVirtueGive – Divi Donation Modules
CVE IDTitleCVSSSeverityPaused
CVE-2024-31433 WordPress The Events Calendar plugin <= 6.3.0 - Cross Site Request Forgery (CSRF) vulnerability — The Events CalendarCWE-352 4.3 Medium2024-04-15
CVE-2024-1957 GiveWP – Donation Plugin and Fundraising Platform <= 3.6.1 -- Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode — GiveWP – Donation Plugin and Fundraising PlatformCWE-79 6.4 Medium2024-04-13
CVE-2024-1424 GiveWP – Donation Plugin and Fundraising Platform <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — GiveWP – Donation Plugin and Fundraising PlatformCWE-79 6.4 Medium2024-04-09
CVE-2024-1999 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Widget — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-04-09
CVE-2023-6964 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.1.26 - Authenticated(Contributor+) Server-Side Request Forgery (SSRF) — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-918 8.5 High2024-04-09
CVE-2024-0598 Gutenberg Blocks by Kadence Blocks <= 3.2.17 - Authenticated(Editor+) Stored Cross-Site Scripting via Contact Form Message Settings — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 4.4 Medium2024-04-09
CVE-2024-2261 Event Tickets and Registration <= 5.8.2 - Improper Authorization to Information Disclosure — Event Tickets and RegistrationCWE-639 4.3 Medium2024-04-09
CVE-2024-2919 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via CountUp Widget — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-04-04
CVE-2024-24888 WordPress Gutenberg Blocks by Kadence Blocks plugin <= 3.2.25 - Server Side Request Forgery (SSRF) vulnerability — Gutenberg Blocks by Kadence BlocksCWE-918 9.1AICriticalAI2024-04-02
CVE-2024-23500 WordPress Kadence Blocks plugin <= 3.2.19 - Server Side Request Forgery (SSRF) vulnerability — Gutenberg Blocks by Kadence BlocksCWE-918 7.7 High2024-03-28
CVE-2024-30229 WordPress Give plugin <= 3.4.2 - PHP Object Injection vulnerability — GiveWPCWE-502 8.0 High2024-03-28
CVE-2024-27987 WordPress Give plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability — GiveWPCWE-79 7.1 High2024-03-15
CVE-2024-1541 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.23 - Authenticated (Contributor+) Stored Cross-Site Scripting — Kadence Blocks — Page Builder Toolkit for Gutenberg EditorCWE-79 6.4 Medium2024-03-13
CVE-2024-1053 Event Tickets and Registration <= 5.8.1 - Missing Authorization — Event Tickets and RegistrationCWE-284 4.3 Medium2024-02-22
CVE-2023-6557 The Events Calendar <= 6.2.8.2 - Unauthenticated Sensitive Information Exposure — The Events CalendarCWE-862 5.3 Medium2024-02-05
CVE-2024-1208 LearnDash LMS <= 4.10.2 - Sensitive Information Exposure via API — LearnDash LMSCWE-200 5.3 Medium2024-02-05
CVE-2024-1209 LearnDash LMS <= 4.10.1 - Sensitive Information Exposure via assignments — LearnDash LMSCWE-200 5.3 Medium2024-02-05
CVE-2024-1210 LearnDash LMS <= 4.10.1 - Sensitive Information Exposure via API — LearnDash LMSCWE-200 5.3 Medium2024-02-05
CVE-2023-4247 GiveWP <= 2.33.3 - Cross-Site Request Forgery to plugin deactivation — GiveWP – Donation Plugin and Fundraising PlatformCWE-352 5.4 Medium2024-01-11
CVE-2023-4246 GiveWP <= 2.33.3 - Cross-Site Request Forgery to plugin installation — GiveWP – Donation Plugin and Fundraising PlatformCWE-352 4.3 Medium2024-01-11
CVE-2023-4248 GiveWP <= 2.33.3 - Cross-Site Request Forgery to Stripe Integration Deletion — GiveWP – Donation Plugin and Fundraising PlatformCWE-352 5.4 Medium2024-01-11
CVE-2023-47668 WordPress Restrict Content Plugin <= 3.2.7 is vulnerable to Sensitive Data Exposure — Membership Plugin – Restrict ContentCWE-200 5.3 Medium2023-11-23
CVE-2023-3105 LearnDash LMS <= 4.6.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change — LearnDash LMSCWE-639 8.8 High2023-07-12
CVE-2023-2834 BookIt <= 2.3.7 - Authentication Bypass — Bookit — Booking & Appointment CalendarCWE-288 9.8 Critical2023-06-30
CVE-2022-2117 GiveWP – Donation Plugin and Fundraising Platform <= 2.20.2 - Sensitive Information Disclosure — GiveWP – Donation Plugin and Fundraising PlatformCWE-200 5.3 Medium2022-07-18

This page lists every published CVE security advisory associated with stellarwp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.