
wpengine — Vulnerabilities & Security Advisories (8)

Browse all 8 CVE security advisories affecting wpengine. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPengine provides managed WordPress hosting services, enabling businesses to deploy and scale websites on its platform. Historically, the service has been associated with vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from misconfigurations or third-party integrations. While WPengine maintains robust security measures, its 4 recorded CVEs highlight potential risks in complex hosting environments. The platform offers features like automatic updates and malware scanning, but its multi-tenant architecture requires careful isolation between customer instances. No major public security incidents have been widely reported, though the concentration of WordPress sites makes it a persistent target for attackers seeking to exploit vulnerabilities in either the core platform or customer implementations.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-8382 | Advanced Custom Fields (ACF®) <= 6.8.1 - Unauthenticated Arbitrary Post Modification via Front-End Form '_post_title' and '_post_content' Parameters | Advanced Custom Fields (ACF®) | CWE-862 | 5.3 | Medium | 2026-05-31 |
| CVE-2026-4029 | Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Export | Database Backup for WordPress | CWE-862 | 7.5 | High | 2026-05-14 |
| CVE-2026-4030 | Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Arbitrary File Read and Deletion | Database Backup for WordPress | CWE-862 | 8.1 | High | 2026-05-14 |
| CVE-2026-4031 | Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Backup Interception | Database Backup for WordPress | CWE-862 | 7.5 | High | 2026-05-14 |
| CVE-2026-4812 | Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters | Advanced Custom Fields (ACF®) | CWE-862 | 5.3 | Medium | 2026-04-15 |
| CVE-2025-11427 | WP Migrate Lite <= 2.7.6 - Unauthenticated Blind Server-Side Request Forgery | WP Migrate Lite – Migration Made Easy | CWE-918 | 5.8 | Medium | 2025-11-18 |
| CVE-2023-6701 | Advanced Custom Fields <= 6.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field | Advanced Custom Fields (ACF®) | CWE-79 | 6.4 | Medium | 2024-02-05 |
| CVE-2023-6933 | Better Search Replace <= 1.4.4 - Unauthenticated PHP Object Injection | Better Search Replace | CWE-502 | 8.8 | High | 2024-02-05 |

This page lists every published CVE security advisory associated with wpengine. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.