Wpdeveloper 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting、パス処理の欠陥、vendor risk sql injection, and vendor risk csrf があり、vendor surface software deployment の利用場面で vendor impact session compromise、ファイル上書き, and vendor impact data exposure などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-47762 | Missing Authorization vulnerability in WPDeveloper BetterDocs betterdocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterDocs: from n/a through <= 2.5.2. | [email protected] | 4.3 | 0.32% | 2024-12-09 | 2026-04-29 |
| CVE-2023-47760 | Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through <= 4.2.0. | [email protected] | 4.3 | 0.44% | 2024-12-09 | 2026-04-29 |
| CVE-2024-11203 | The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘provider_name parameter in all versions up to, and including, 4.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will exe | [email protected] | 6.4 | 0.36% | 2024-11-28 | 2025-04-11 |
| CVE-2024-8979 | The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_lostpassword_user_email_controls' function. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data including usernames and passwords of any user, including Administrators, as long as that user opens | [email protected] | 8.0 | 0.49% | 2024-11-15 | 2024-11-19 |
| CVE-2024-8978 | The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_register_user_email_controls' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the Login | Register Form widget, a | [email protected] | 5.7 | 0.46% | 2024-11-15 | 2024-11-19 |
| CVE-2024-8961 | The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nomore_items_text’ parameter in all versions up to, and including, 6.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injec | [email protected] | 6.4 | 0.29% | 2024-11-15 | 2024-11-19 |
| CVE-2024-51672 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPDeveloper BetterLinks betterlinks allows SQL Injection.This issue affects BetterLinks: from n/a through <= 2.1.7. | [email protected] | 7.6 | 0.46% | 2024-11-04 | 2026-04-23 |
| CVE-2024-43323 | Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28. | [email protected] | 5.3 | 0.47% | 2024-11-01 | 2024-11-19 |
| CVE-2024-38707 | Missing Authorization vulnerability in WPDeveloper EmbedPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmbedPress: from n/a through 4.0.4. | [email protected] | 6.3 | 0.41% | 2024-11-01 | 2025-03-24 |
| CVE-2024-50461 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper EmbedPress embedpress allows Stored XSS.This issue affects EmbedPress: from n/a through <= 4.0.14. | [email protected] | 6.5 | 0.18% | 2024-10-28 | 2026-04-23 |
| CVE-2021-4447 | The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers with access to the Elementor page builder to create a new registration form that defaults to the user role being set to administrator and subsequently register as an administrative user. | [email protected] | 8.8 | 0.44% | 2024-10-16 | 2025-01-10 |
| CVE-2021-4446 | The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to perform many unauthorized actions such as changing settings and installing arbitrary plugins. | [email protected] | 6.3 | 0.25% | 2024-10-16 | 2025-01-10 |
| CVE-2024-47385 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Stored XSS.This issue affects Essential Blocks for Gutenberg: from n/a through <= 4.8.4. | [email protected] | 6.5 | 0.18% | 2024-10-05 | 2026-04-23 |
| CVE-2024-8742 | The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute | [email protected] | 6.4 | 0.34% | 2024-09-13 | 2024-09-27 |
| CVE-2024-8440 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user | [email protected] | 6.4 | 0.35% | 2024-09-11 | 2024-09-25 |
| CVE-2024-43936 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper EmbedPress allows Stored XSS.This issue affects EmbedPress: from n/a through 4.0.8. | [email protected] | 6.5 | 0.31% | 2024-08-29 | 2024-09-03 |
| CVE-2024-43328 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPDeveloper EmbedPress allows PHP Local File Inclusion.This issue affects EmbedPress: from n/a through 4.0.9. | [email protected] | 8.3 | 0.47% | 2024-08-19 | 2025-04-05 |
| CVE-2024-43129 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPDeveloper BetterDocs allows PHP Local File Inclusion.This issue affects BetterDocs: from n/a through 3.5.8. | [email protected] | 6.5 | 0.57% | 2024-08-13 | 2024-09-12 |
| CVE-2024-7092 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘no_more_items_text’ parameter in all versions up to, and including, 5.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected p | [email protected] | 6.4 | 0.42% | 2024-08-13 | 2025-01-08 |
| CVE-2024-43227 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper BetterDocs allows Stored XSS.This issue affects BetterDocs: from n/a through 3.5.8. | [email protected] | 6.5 | 0.23% | 2024-08-12 | 2026-01-23 |