Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wpchill — Vulnerabilities & Security Advisories 57

Browse all 57 CVE security advisories affecting wpchill. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by wpchill:Download MonitorKali Forms — Contact Form & Drag-and-Drop BuilderStrong TestimonialsModula Image Gallery – Photo Grid & Video GalleryImage Photo Gallery Final Tiles GridPassster – Password Protect Pages and ContentGallery PhotoBlocks (WordPress plugin)Image Gallery – Photo Grid & Video GallerySimple RestrictFilr – Secure document libraryCPO Content TypesQyrr – simply and modern QR-Code creationRSVP and Event ManagementRemove Footer CreditCPO ShortcodesBrillianceCPO CompanionModula Image Gallery (WordPress plugin)CPO Shortcodes (WordPress plugin)Download Monitor (WordPress plugin)
CVE IDTitleCVSSSeverityPublished
CVE-2026-3239 Strong Testimonials <= 3.2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via testimonial_view Shortcode — Strong TestimonialsCWE-79 6.4 Medium2026-04-08
CVE-2026-4401 Download Monitor <= 5.1.10 - Cross-Site Request Forgery to Download Path Deletion and Disabling — Download MonitorCWE-352 5.4 Medium2026-04-07
CVE-2026-3124 Download Monitor <= 5.1.7 - Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'order_id' — Download MonitorCWE-639 7.5 High2026-03-30
CVE-2026-3584 Kali Forms <= 2.4.9 - Unauthenticated Remote Code Execution via form_process — Kali Forms — Contact Form & Drag-and-Drop BuilderCWE-94 9.8 Critical2026-03-20
CVE-2026-1860 Kali Forms <= 2.4.8 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data Exposure — Kali Forms — Contact Form & Drag-and-Drop BuilderCWE-862 4.3 Medium2026-02-18
CVE-2026-1254 Modula Image Gallery – Photo Grid & Video Gallery <= 2.13.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post/Page Editing — Modula Image Gallery – Photo Grid & Video GalleryCWE-862 4.3 Medium2026-02-14
CVE-2025-14865 Passster – Password Protect Pages and Content <= 4.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Passster – Password Protect Pages and ContentCWE-79 6.4 Medium2026-01-28
CVE-2025-15466 Image Photo Gallery Final Tiles Grid <= 3.6.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Gallery Management — Image Photo Gallery Final Tiles GridCWE-862 5.4 Medium2026-01-19
CVE-2025-14632 Filr – Secure document library <= 1.2.11 - Authenticated (Administrator+) Stored Cross-Site Scripting via HTML Upload — Filr – Secure document libraryCWE-434 4.4 Medium2026-01-17
CVE-2025-14426 Strong Testimonials <= 3.2.18 - Missing Authorization to Authenticated (Contributor+) Rating Meta Update — Strong TestimonialsCWE-862 4.3 Medium2025-12-30
CVE-2025-13693 Image Photo Gallery Final Tiles Grid <= 3.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'Custom Scripts' Setting — Image Photo Gallery Final Tiles GridCWE-79 6.4 Medium2025-12-21
CVE-2025-14455 Image Photo Gallery Final Tiles Grid <= 3.6.7 - Missing Authorization to Authenticated (Contributor+) Gallery Management — Image Photo Gallery Final Tiles GridCWE-862 5.4 Medium2025-12-19
CVE-2025-14003 Image Gallery – Photo Grid & Video Gallery <= 2.13.3 - Missing Authorization to Authenticated (Author+) Arbitrary Gallery Modification — Modula Image Gallery – Photo Grid & Video GalleryCWE-862 4.3 Medium2025-12-15
CVE-2025-13891 Image Gallery – Photo Grid & Video Gallery (Modula) <= 2.13.3 - Missing Authorization to Arbitrary Directory Listing — Modula Image Gallery – Photo Grid & Video GalleryCWE-22 6.5 Medium2025-12-12
CVE-2025-13646 Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Upload via Race Condition — Image Gallery – Photo Grid & Video GalleryCWE-434 7.5 High2025-12-03
CVE-2025-13645 Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Deletion — Image Gallery – Photo Grid & Video GalleryCWE-22 7.2 High2025-12-03
CVE-2025-12494 Image Gallery – Photo Grid & Video Gallery <= 2.12.28 - Improper Authorization to Authenticated (Author+) Arbitrary Image File Move — Modula Image Gallery – Photo Grid & Video GalleryCWE-285 4.3 Medium2025-11-15
CVE-2025-11268 Strong Testimonials <= 3.2.16 - Unauthenticated Arbitrary Shortcode Execution — Strong TestimonialsCWE-79 4.3 Medium2025-11-06
CVE-2025-10000 Qyrr – simply and modern QR-Code creation <= 2.0.7 - Authenticated (Contributor+) Arbitrary File Upload — Qyrr – simply and modern QR-Code creationCWE-434 6.4 Medium2025-09-30
CVE-2025-7367 Strong Testimonials <= 3.2.11 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Fields — Strong TestimonialsCWE-79 6.4 Medium2025-07-15
CVE-2024-9416 Modula Image Gallery <= 2.10.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox 5 JavaScript Library — Modula Image Gallery – Photo Grid & Video GalleryCWE-79 6.4 Medium2025-04-03
CVE-2024-6261 Image Photo Gallery Final Tiles Grid <= 3.6.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — Image Photo Gallery Final Tiles GridCWE-79 6.4 Medium2025-02-27
CVE-2024-12853 Modula Image Gallery <= 2.11.10 - Authenticated (Author+) Arbitrary File Upload — Modula Image Gallery – Photo Grid & Video GalleryCWE-434 8.8 High2025-01-08
CVE-2024-12711 RSVP and Event Management <= 2.7.13 - Missing Authorization — RSVP and Event ManagementCWE-862 5.3 Medium2025-01-07
CVE-2024-11282 Passster – Password Protect Pages and Content <= 4.2.10 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure — Passster – Password Protect Pages and ContentCWE-200 5.3 Medium2025-01-07
CVE-2024-11106 Simple Restrict <= 1.2.7 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure — Simple RestrictCWE-200 5.3 Medium2024-12-10
CVE-2024-10399 Download Monitor <= 5.0.13 - Missing Authorization to Sensitive Information Exposure — Download MonitorCWE-862 4.3 Medium2024-10-30
CVE-2024-10092 Download Monitor <= 5.0.12 - Missing Authorization to API Key Manipulation — Download MonitorCWE-862 4.3 Medium2024-10-26
CVE-2022-4972 Download Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data Export — Download MonitorCWE-862 7.5 High2024-10-16
CVE-2024-8552 Download Monitor <= 5.0.9 - Missing Authorization to Authenticated (Subscriber+) Shop Enable — Download MonitorCWE-862 4.3 Medium2024-09-26

This page lists every published CVE security advisory associated with wpchill. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.