
wpdevart — Vulnerabilities & Security Advisories 37

Browse all 37 CVE security advisories affecting wpdevart. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-25435 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.36 - Cross Site Scripting (XSS) vulnerability | Booking calendar, Appointment Booking System | CWE-79 | 7.1 | High | 2026-03-25 |
| CVE-2025-14555 | Countdown Timer - Widget Countdown <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Countdown Timer – Widget Countdown | CWE-79 | 6.4 | Medium | 2026-01-10 |
| CVE-2025-67574 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.30 - Broken Access Control vulnerability | Booking calendar, Appointment Booking System | CWE-862 | 5.3 | Medium | 2025-12-09 |
| CVE-2025-62886 | WordPress Pricing Table builder plugin <= 1.5.3 - Cross Site Request Forgery (CSRF) vulnerability | Pricing Table builder | CWE-352 | 7.1 | High | 2025-10-27 |
| CVE-2025-2537 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library | YouTube Embed, Playlist and Popup by WpDevArt | CWE-79 | 6.4 | Medium | 2025-07-03 |
| CVE-2025-47443 | WordPress Widget Countdown plugin <= 2.7.4 - Cross Site Scripting (XSS) Vulnerability | Widget Countdown | CWE-79 | 6.5 | Medium | 2025-05-07 |
| CVE-2025-24719 | WordPress Widget Countdown plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability | Widget Countdown | CWE-79 | 6.5 | Medium | 2025-01-24 |
| CVE-2024-12077 | Booking Calendar and Booking Calendar Pro <= Multiple Versions - Reflected Cross-Site Scripting via 'calendar_id' | Booking calendar, Appointment Booking System | CWE-79 | 6.1 | Medium | 2025-01-07 |
| CVE-2023-45631 | WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability | Responsive Image Gallery, Gallery Album | CWE-862 | 4.3 | Medium | 2025-01-02 |
| CVE-2024-10856 | Booking Calendar WpDevArt <= 3.2.19 - Authenticated (Contributor+) SQL Injection | Booking calendar, Appointment Booking System | CWE-89 | 6.5 | Medium | 2024-12-24 |
| CVE-2023-24407 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Broken Access Control vulnerability | Booking calendar, Appointment Booking System | CWE-862 | 5.0 | Medium | 2024-12-09 |
| CVE-2024-9504 | Booking calendar, Appointment Booking System <= 3.2.15 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload | Booking calendar, Appointment Booking System | CWE-434 | 7.2 | High | 2024-11-26 |
| CVE-2024-7355 | Organization chart <= 1.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via title_input and node_description Parameters | Organization chart | CWE-79 | 4.9 | Medium | 2024-08-07 |
| CVE-2024-37542 | WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability | Responsive Image Gallery, Gallery Album | CWE-862 | 5.4 | Medium | 2024-07-06 |
| CVE-2024-35747 | WordPress Contact Form Builder, Contact Widget plugin <= 2.1.7 - Bypass Vulnerability vulnerability | Contact Form Builder, Contact Widget | CWE-307 | 5.3 | Medium | 2024-06-10 |
| CVE-2024-35750 | WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - SQL Injection vulnerability | Responsive Image Gallery, Gallery Album | CWE-89 | 8.5 | High | 2024-06-08 |
| CVE-2023-49741 | WordPress Coming soon and Maintenance mode plugin <= 3.7.3 - IP Filtering Bypass vulnerability | Coming soon and Maintenance mode | CWE-290 | 3.7 | Low | 2024-06-04 |
| CVE-2023-24373 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Bypass vulnerability | Booking calendar, Appointment Booking System | CWE-472 | 3.7 | Low | 2024-06-03 |
| CVE-2024-30550 | WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Reflected Cross Site Scripting (XSS) vulnerability | Responsive Image Gallery, Gallery Album | CWE-79 | 7.1 | High | 2024-03-31 |
| CVE-2024-31120 | WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability | Responsive Image Gallery, Gallery Album | CWE-79 | 6.5 | Medium | 2024-03-31 |
| CVE-2023-47533 | WordPress Countdown and CountUp, WooCommerce Sales Timer Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS) | Countdown and CountUp, WooCommerce Sales Timer | CWE-79 | 5.9 | Medium | 2023-11-14 |
| CVE-2022-47428 | WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.7 is vulnerable to SQL Injection | Booking calendar, Appointment Booking System | CWE-89 | 9.8 | - | 2023-11-06 |
| CVE-2023-46075 | WordPress Contact Form Builder, Contact Widget Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS) | Contact Form Builder, Contact Widget | CWE-79 | 7.1 | High | 2023-10-26 |
| CVE-2023-45630 | WordPress Responsive Image Gallery, Gallery Album Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS) | Gallery – Image and Video Gallery with Thumbnails | CWE-79 | 7.1 | High | 2023-10-18 |
| CVE-2023-45629 | WordPress Responsive Image Gallery, Gallery Album Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) | Gallery – Image and Video Gallery with Thumbnails | CWE-352 | 5.4 | Medium | 2023-10-16 |
| CVE-2023-24387 | WordPress Organization chart Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS) | Organization chart | CWE-79 | 5.9 | Medium | 2023-04-06 |
| CVE-2023-24002 | WordPress YouTube Embed, Playlist and Popup by WpDevArt Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS) | YouTube Embed, Playlist and Popup by WpDevArt | CWE-79 | 5.9 | Medium | 2023-04-06 |
| CVE-2023-24004 | WordPress Image and Video Lightbox, Image PopUp Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS) | Image and Video Lightbox, Image PopUp | CWE-79 | 5.9 | Medium | 2023-04-06 |
| CVE-2023-23870 | WordPress Responsive Vertical Icon Menu Plugin <= 1.5.8 is vulnerable to Cross Site Scripting (XSS) | Responsive Vertical Icon Menu | CWE-79 | 5.9 | Medium | 2023-04-04 |
| CVE-2022-47603 | WordPress Responsive Image Gallery, Gallery Album Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS) | Gallery – Image and Video Gallery with Thumbnails | CWE-79 | 7.1 | High | 2023-03-29 |

This page lists every published CVE security advisory associated with wpdevart. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.