Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wpdesk — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting wpdesk. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by wpdesk:Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for laterFlexible Refund and Return Order for WooCommerceShopMagicFlexible Checkout Fields for WooCommerce – WooCommerce Checkout ManagerFlexible PDF CouponsFlexible CookiesFlexible PDF Invoices for WooCommerce & WordPress
CVE IDTitleCVSSSeverityPublished
CVE-2025-69093 WordPress ShopMagic plugin <= 4.7.2 - Broken Access Control vulnerability — ShopMagicCWE-862 8.1 -2025-12-30
CVE-2025-12621 Flexible Refund and Return Order for WooCommerce <= 1.0.42 - Incorrect Authorization to Authenticated (Contributor+) Refund Status Update — Flexible Refund and Return Order for WooCommerceCWE-863 5.3 Medium2025-11-08
CVE-2025-59578 WordPress ShopMagic plugin <= 4.5.6 - Sensitive Data Exposure vulnerability — ShopMagicCWE-201 7.5AIHighAI2025-10-22
CVE-2025-10570 Flexible Refund and Return Order for WooCommerce <= 1.0.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Refund — Flexible Refund and Return Order for WooCommerceCWE-639 4.3 Medium2025-10-22
CVE-2025-57977 WordPress Flexible PDF Invoices for WooCommerce & WordPress Plugin <= 6.0.13 - Cross Site Request Forgery (CSRF) Vulnerability — Flexible PDF Invoices for WooCommerce &amp; WordPressCWE-352 7.1 High2025-09-22
CVE-2025-30805 WordPress Flexible Cookies plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability — Flexible CookiesCWE-352 4.3 Medium2025-03-27
CVE-2024-13718 Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later <= 1.2.26 - Cross-Site Request Forgery to Wishlist Creation/Modification — Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for laterCWE-352 4.3 Medium2025-02-18
CVE-2024-13696 Flexible Wishlist for WooCommerce <= 1.2.25 - Unauthenticated Stored Cross-Site Scripting via wishlist_name Parameter — Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for laterCWE-79 7.2 High2025-01-29
CVE-2025-22825 WordPress Flexible PDF Coupons plugin < 1.10.3 - Stored Cross Site Scripting (XSS) vulnerability — Flexible PDF CouponsCWE-79 6.5 Medium2025-01-21
CVE-2020-36731 Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update — Flexible Checkout Fields for WooCommerce – WooCommerce Checkout ManagerCWE-79 7.2 High2023-06-07

This page lists every published CVE security advisory associated with wpdesk. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.