wpdevteam — Vulnerabilities & Security Advisories 96

Browse all 96 CVE security advisories affecting wpdevteam. AI-powered Chinese analysis, POCs, and references for each vulnerability.

wpdevteam operates as a software development entity primarily focused on creating plugins and themes for the WordPress ecosystem. Their portfolio includes various tools designed to extend website functionality, making them a frequent target for automated vulnerability scanners. Historically, their codebase has exhibited a high frequency of critical security flaws, with 91 CVEs currently on record. These vulnerabilities predominantly involve remote code execution, cross-site scripting, and privilege escalation issues, often stemming from insufficient input validation and improper access controls. The sheer volume of disclosed defects suggests systemic weaknesses in their development and testing processes rather than isolated incidents. While no single catastrophic breach has been publicly detailed as a direct result of these specific CVEs, the persistent nature of these flaws indicates a significant risk to users relying on their software. This pattern highlights the broader challenges associated with maintaining security in widely deployed open-source components.

Top products by wpdevteam: Essential Addons for Elementor – Popular Elementor Templates & Widgets Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor Essential Blocks Pro SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot

CVEs 96

CVE ID	Title	CVSS	Severity	Published
CVE-2024-8979	Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.9 - Authenticated (Author+) Sensitive Information Exposure to Privilege Escalation — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-200	8.0	High	2024-11-15
CVE-2024-8961	Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79	6.4	Medium	2024-11-15
CVE-2021-4447	Essential Addons for Elementor <= 4.6.4 - Authenticated (Contributor+) Privilege Escalation — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-862	8.8	High	2024-10-16
CVE-2021-4446	Essential Addons for Elementor <= 4.6.4 - Missing Authorization — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-862	6.3	Medium	2024-10-16
CVE-2024-8742	Essential Addons for Elementor <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery Widget — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79	6.4	Medium	2024-09-13
CVE-2024-8440	Essential Addons for Elementor -- Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79	6.4	Medium	2024-09-11
CVE-2024-7092	Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via no_more_items_text Parameter — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79	6.4	Medium	2024-08-13
CVE-2024-6557	SchedulePress <= 5.1.3 - Unauthenticated Full Path Disclosure — SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post PublisherCWE-200	5.3	Medium	2024-07-16
CVE-2024-1565	EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL — EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & moreCWE-79	6.4	Medium	2024-06-13
CVE-2024-5189	Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.23 - Authenticated (Contributor+) Stored Cross-Site Scripting — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79	6.4	Medium	2024-06-11
CVE-2024-5188	Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.22 - Authenticated (Contributor+) Stored Cross-Site Scripting — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79	6.4	Medium	2024-06-06
CVE-2024-5571	EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget — EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & moreCWE-79	6.4	Medium	2024-06-05
CVE-2024-5073	Essential Addons for Elementor <= 5.9.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Feed — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79	6.4	Medium	2024-05-30
CVE-2024-1803	EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Insufficient Authorization Checks to Block Usual — EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & moreCWE-285	4.3	Medium	2024-05-23
CVE-2024-4891	Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79	6.4	Medium	2024-05-18
CVE-2024-4624	Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.20 - Authenticated (Contributor+) Stored Cross-Site Scripting — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79	6.4	Medium	2024-05-14
CVE-2024-4275	Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Interactive Circles' — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79	6.4	Medium	2024-05-10
CVE-2024-4449	Essential Addons for Elementor <= 5.9.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Several Widgets — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79	6.4	Medium	2024-05-10
CVE-2024-4448	Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79	6.4	Medium	2024-05-10
CVE-2024-4316	EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter — EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & moreCWE-79	6.4	Medium	2024-05-09
CVE-2024-3728	Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery & Interactive Circle — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79	6.4	Medium	2024-05-02
CVE-2024-4156	Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.17 - Authenticated (Contributor+) Stored Cross-Site Scripting — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79	6.4	Medium	2024-05-02
CVE-2024-4003	Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-20	6.4	Medium	2024-05-02
CVE-2024-3733	Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Information Exposure — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-200	5.3	Medium	2024-04-25
CVE-2024-3818	Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.9 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting via "Social Icons" Block — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79	5.4	Medium	2024-04-19
CVE-2024-3333	Essential Addons for Elementor <= 5.9.14 - Authenticated (Contributor+) Store Cross-Site Scripting via Widget URL Attribute — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79	6.4	Medium	2024-04-17
CVE-2024-2623	Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79	6.4	Medium	2024-04-09
CVE-2024-2974	Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.13 - Unauthenticated Sensitive Information Exposure — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-200	5.3	Medium	2024-04-09
CVE-2024-3244	EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & moreCWE-79	6.4	Medium	2024-04-09
CVE-2024-2650	Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-20	6.4	Medium	2024-04-09

This page lists every published CVE security advisory associated with wpdevteam. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

wpdevteam — Vulnerabilities & Security Advisories 96