Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

wpWax — Vulnerabilities & Security Advisories 37

Browse all 37 CVE security advisories affecting wpWax. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products wpWax:Directorist: AI-Powered Business Directory, Listings & Classified AdsDirectoristProduct Carousel Slider & Grid Ultimate for WooCommerceLegal PagesPost Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor WidgetTeam (WordPress plugin)Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo GridPost Grid, Slider & Carousel UltimateDirectorist – WordPress Business Directory Plugin with Classified Ads ListingsLegal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice GeneratorDirectorist AddonsKit for ElementorLogo Showcase UltimateLogo Carousel SliderHelpGentFormGent
CVE IDTitleCVSSSeverityPaused
CVE-2026-39509 WordPress Directorist plugin <= 8.5.10 - Broken Access Control vulnerability — DirectoristCWE-862 8.1AIHighAI2026-04-08
CVE-2026-22460 WordPress FormGent plugin <= 1.7.0 - Arbitrary File Deletion vulnerability — FormGentCWE-22 8.6 High2026-03-05
CVE-2025-68069 WordPress Directorist plugin <= 8.6.6 - Broken Access Control vulnerability — DirectoristCWE-862 7.1 High2026-02-20
CVE-2025-64250 WordPress Directorist plugin <= 8.6.6 - Open Redirection vulnerability — DirectoristCWE-601 4.7 Medium2025-12-16
CVE-2025-66077 WordPress Legal Pages plugin <= 1.4.6 - Broken Access Control vulnerability — Legal PagesCWE-862 5.3 Medium2025-11-21
CVE-2025-12174 Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.5.2 - Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update — Directorist: AI-Powered Business Directory, Listings & Classified AdsCWE-862 6.5 Medium2025-11-19
CVE-2025-10488 Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.4.8 - Authenticated (Subscriber+) Arbitrary File Move — Directorist: AI-Powered Business Directory, Listings & Classified AdsCWE-22 8.1 High2025-10-25
CVE-2025-48242 WordPress Legal Pages plugin <= 1.4.5 - Broken Access Control Vulnerability — Legal PagesCWE-862 6.5 Medium2025-05-19
CVE-2025-32658 WordPress HelpGent plugin <= 2.2.5 - PHP Object Injection vulnerability — HelpGentCWE-502 9.8 Critical2025-04-17
CVE-2025-39525 WordPress Logo Carousel Slider plugin <= 2.1.3 - Cross Site Scripting (XSS) Vulnerability — Logo Carousel SliderCWE-79 6.5 Medium2025-04-16
CVE-2025-32499 WordPress Logo Showcase Ultimate plugin <= 1.4.4 - Local File Inclusion vulnerability — Logo Showcase UltimateCWE-98 6.5 Medium2025-04-09
CVE-2025-31857 WordPress Directorist AddonsKit for Elementor plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability — Directorist AddonsKit for ElementorCWE-79 6.5 Medium2025-04-01
CVE-2025-2224 Directorist <= 8.2 - Missing Authorization to Unauthenticated Arbitrary Post Publishing — Directorist: AI-Powered Business Directory, Listings & Classified AdsCWE-862 5.3 Medium2025-03-25
CVE-2025-1570 Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.1 - Privilege Escalation and Account Takeover via Weak OTP — Directorist: AI-Powered Business Directory, Listings & Classified AdsCWE-640 8.1 High2025-02-28
CVE-2024-12041 Directorist – AI-Powered WordPress Business Directory Plugin with Classified Ads Listings <= 8.0.12 - Unauthenticated User Information Exposure — Directorist: AI-Powered Business Directory, Listings & Classified AdsCWE-359 5.3 Medium2025-02-01
CVE-2025-24782 WordPress Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin <= 1.6.10 - Local File Inclusion vulnerability — Post Grid, Slider & Carousel UltimateCWE-98 6.5 Medium2025-01-27
CVE-2025-24681 WordPress Product Carousel Slider & Grid Ultimate for WooCommerce Plugin <= 1.10.0 - Cross Site Scripting (XSS) vulnerability — Product Carousel Slider & Grid Ultimate for WooCommerceCWE-79 5.9 Medium2025-01-24
CVE-2024-13408 Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion — Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor WidgetCWE-98 7.5 High2025-01-24
CVE-2024-13409 Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler() — Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor WidgetCWE-22 7.5 High2025-01-24
CVE-2023-35052 WordPress Directorist plugin <= 7.5.4 - Arbitrary Content Deletion vulnerability — DirectoristCWE-862 4.3 Medium2024-12-13
CVE-2024-12040 Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.10 - Authenticated (Contributor+) Local File Inclusion via 'theme' — Product Carousel Slider & Grid Ultimate for WooCommerceCWE-98 8.8 High2024-12-12
CVE-2024-44048 WordPress Product Carousel Slider & Grid Ultimate for WooCommerce plugin <= 1.9.10 - Authenticated Local File Inclusion vulnerability — Product Carousel Slider & Grid Ultimate for WooCommerceCWE-98 6.5 Medium2024-09-23
CVE-2024-8046 Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid <= 1.4.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo GridCWE-79 6.4 Medium2024-08-27
CVE-2024-33929 WordPress Directorist plugin <= 7.8.6 - Broken Access Control vulnerability — DirectoristCWE-862 5.3 Medium2024-05-03
CVE-2024-32451 WordPress Legal Pages plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) vulnerability — Legal PagesCWE-352 4.3 Medium2024-04-15
CVE-2024-29925 WordPress Post Grid, Slider & Carousel Ultimate plugin <= 1.6.6 - Cross Site Scripting (XSS) vulnerability — Post Grid, Slider & Carousel UltimateCWE-79 6.5 Medium2024-03-27
CVE-2023-50886 WordPress Legal Pages plugin <= 1.3.7 - CSRF + Broken Access Control vulnerability — Legal PagesCWE-352 4.3 Medium2024-03-15
CVE-2024-1950 Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.7 - Authenticated(Contributor+) PHP Object Injection — Product Carousel Slider & Grid Ultimate for WooCommerceCWE-502 7.5 High2024-03-13
CVE-2024-1951 Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid <= 1.3.8 - Authenticated(Contributor+) PHP Object Injection — Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo GridCWE-502 7.5 High2024-03-13
CVE-2024-2006 Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.7 - Authenticated (Contributor+) PHP Object Injection in outpost_shortcode_metabox_markup — Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor WidgetCWE-502 8.8 High2024-03-13

This page lists every published CVE security advisory associated with wpWax. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.