wpmudev — Vulnerabilities & Security Advisories (39)

Browse all 39 CVE security advisories affecting wpmudev. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-2263 | Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.10.2 - Missing Authorization to Unauthenticated Conversion Tracking Data Manipulation | Hustle – Email Marketing, Lead Generation, Optins, Popups | CWE-862 | 5.3 | Medium | 2026-04-07 |
| CVE-2026-2002 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.50.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-79 | 4.4 | Medium | 2026-02-17 |
| CVE-2026-0911 | Hustle <= 7.8.9.2 - Authenticated (Subscriber+) Arbitrary File Upload via Module Import | Hustle – Email Marketing, Lead Generation, Optins, Popups | CWE-434 | 7.5 | High | 2026-01-24 |
| CVE-2025-14782 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV Export | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-862 | 5.3 | Medium | 2026-01-09 |
| CVE-2025-14998 | Branda – White Label & Branding, Free Login Page Customizer <= 3.4.24 - Unauthenticated Privilege Escalation via Account Takeover | Branda – White Label & Branding, Free Login Page Customizer | CWE-639 | 9.8 | Critical | 2026-01-02 |
| CVE-2025-14437 | Hummingbird <= 3.18.0 - Unauthenticated Sensitive Information Exposure via Log File | Hummingbird Performance – Cache & Page Speed Optimization for Core Web Vitals \| Critical CSS \| Minify CSS \| Defer CSS Javascript \| CDN | CWE-532 | 7.5 | High | 2025-12-18 |
| CVE-2017-20206 | Appointments <= 2.2.1 - Unauthenticated PHP Object Injection | Appointments | CWE-502 | 9.8 | Critical | 2025-10-18 |
| CVE-2025-11163 | SmartCrawl SEO checker, analyzer & optimizer <= 3.14.3 - Missing Authorization to Plugin Settings Update | SmartCrawl SEO checker, analyzer & optimizer | CWE-284 | 4.3 | Medium | 2025-09-30 |
| CVE-2025-7638 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.45.0 - Authenticated (Administrator+) SQL Injection via `order_by` Parameter | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-89 | 4.9 | Medium | 2025-07-18 |
| CVE-2025-6464 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-502 | 7.5 | High | 2025-07-02 |
| CVE-2025-6463 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Form Submission Deletion | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-73 | 8.8 | High | 2025-07-02 |
| CVE-2025-5341 | Forminator <= 1.44.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via id and data-size Parameters | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-79 | 6.4 | Medium | 2025-06-05 |
| CVE-2025-4047 | Broken Link Checker <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Status Dashboard View | Broken Link Checker | CWE-862 | 4.3 | Medium | 2025-06-03 |
| CVE-2025-3487 | Forminator <= 1.42.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'limit' | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-79 | 6.4 | Medium | 2025-04-17 |
| CVE-2025-3479 | Forminator <= 1.42.0 - Order Replay Vulnerability | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-354 | 5.3 | Medium | 2025-04-17 |
| CVE-2025-0469 | Forminator <= 1.39.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-79 | 6.4 | Medium | 2025-02-27 |
| CVE-2025-0470 | Forminator <= 1.38.2 - Reflected Cross-Site Scripting via Title Parameter | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-79 | 6.1 | Medium | 2025-01-31 |
| CVE-2024-10580 | Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unauthorized Form Submission | Hustle – Email Marketing, Lead Generation, Optins, Popups | CWE-862 | 5.3 | Medium | 2024-11-27 |
| CVE-2024-10579 | Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unpublished Form Exposure | Hustle – Email Marketing, Lead Generation, Optins, Popups | CWE-862 | 4.3 | Medium | 2024-11-26 |
| CVE-2024-9371 | Branda – White Label & Branding, Custom Login Page Customizer <= 3.4.19 - Reflected Cross-Site Scripting | Branda – White Label & Branding, Free Login Page Customizer | CWE-79 | 6.1 | Medium | 2024-11-21 |
| CVE-2024-9700 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Object Reference to Submission Manipulation | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-639 | 5.3 | Medium | 2024-10-31 |
| CVE-2024-10402 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Missing Authorization to Authenticated (Contributor+) Form Update and Creation | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-862 | 7.5 | High | 2024-10-26 |
| CVE-2024-9351 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Quiz Creation | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-352 | 4.3 | Medium | 2024-10-17 |
| CVE-2024-9352 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Custom Form Creation | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-352 | 4.3 | Medium | 2024-10-17 |
| CVE-2024-8981 | Broken Link Checker <= 2.4.0 - Reflected Cross-Site Scripting | Broken Link Checker | CWE-80 | 7.1 | High | 2024-10-01 |
| CVE-2024-7389 | Forminator <= 1.29.1 - HubSpot Developer API Key Sensitive Information Exposure | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-522 | 7.5 | High | 2024-08-02 |
| CVE-2024-6554 | Branda – White Label WordPress, Custom Login Page Customizer <= 3.4.18 - Unauthenticated Full Path Disclosure | Branda – White Label & Branding, Free Login Page Customizer | CWE-200 | 5.3 | Medium | 2024-07-11 |
| CVE-2024-6556 | SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.8 - Unauthenticated Full Path Disclosure | SmartCrawl SEO checker, analyzer & optimizer | CWE-200 | 5.3 | Medium | 2024-07-10 |
| CVE-2024-5191 | Branda – White Label WordPress, Custom Login Page Customizer <= 3.4.17 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload | Branda – White Label & Branding, Free Login Page Customizer | CWE-79 | 6.4 | Medium | 2024-06-21 |
| CVE-2023-3352 | Smush – Lazy Load Images, Optimize & Compress Images <= 3.16.4 - Missing Authorization to Resmush List Deletion | Smush – Image Optimization, Compression, Lazy Load, WebP & CDN | CWE-862 | 4.3 | Medium | 2024-06-21 |

This page lists every published CVE security advisory associated with wpmudev. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.