weiphp CVE Vulnerabilities & Metrics

Focus on weiphp vulnerabilities and metrics.

Last updated: 16 Jan 2026, 23:25 UTC

About weiphp Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with weiphp. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total weiphp CVEs: 4
Earliest CVE date: 18 Dec 2020, 19:15 UTC
Latest CVE date: 08 Sep 2025, 19:15 UTC

Latest CVE reference: CVE-2025-55849

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

[Charts not reproduced: Monthly CVE Trends (current vs previous year); Annual CVE Trends (last 20 years); Critical weiphp CVEs (CVSS ≥ 9) over 20 years]

CVSS Stats

Average CVSS: 3.12

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 2
4.0-6.9 1
7.0-8.9 1
9.0-10.0 0

Top 5 Highest CVSS weiphp CVEs

These are the five CVEs with the highest CVSS scores for weiphp, sorted by severity first, then by recency.

All CVEs for weiphp

CVE-2025-55849 - weiphp vulnerability - CVSS: 0 - 08 Sep 2025, 19:15 UTC

WeiPHP v5.0 and before is vulnerable to SQL Injection via the SucaiController.class.php file and the cancelTemplatee

CVE-2025-34045 - weiphp vulnerability - CVSS: 0 - 26 Jun 2025, 16:15 UTC

A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/_download_imgage endpoint, where insufficient input validation allows unauthenticated remote attackers to perform directory traversal via crafted POST requests. This enables arbitrary file read on the server, potentially exposing sensitive information such as configuration files and source code. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

CVE-2020-20300 - weiphp vulnerability - CVSS: 7.5 - 18 Dec 2020, 19:15 UTC

SQL injection vulnerability in the wp_where function in WeiPHP 5.0.

CVE-2020-20299 - weiphp vulnerability - CVSS: 5.0 - 18 Dec 2020, 19:15 UTC

WeiPHP 5.0 does not properly restrict access to pages, related to using POST.