Browse all 7 CVE security advisories affecting AndonDesign. AI-powered Chinese analysis, POCs, and references for each vulnerability.
AndonDesign develops web-based project management and collaboration tools used by small to medium businesses. Historically, their products have been vulnerable to multiple remote code execution (RCE) and cross-site scripting (XSS) flaws, often stemming from insufficient input validation and improper access controls. Privilege escalation vulnerabilities have also been recurrent, allowing unauthorized users to access sensitive project data. While no major public security incidents have been documented, their seven CVEs indicate consistent security weaknesses in authentication mechanisms and data handling. The company's products remain attractive targets due to their widespread use in managing business-critical information.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-63062 | WordPress UDesign Core plugin <= 4.14.0 - Local File Inclusion vulnerability — UDesign CoreCWE-98 | 7.5 | High | 2025-12-09 |
| CVE-2025-62051 | WordPress UDesign Core plugin <= 4.14.1 - Cross Site Scripting (XSS) vulnerability — UDesign CoreCWE-79 | 6.5 | Medium | 2025-11-06 |
| CVE-2025-53234 | WordPress UDesign Core plugin <= 4.14.0 - Cross Site Scripting (XSS) vulnerability — UDesign CoreCWE-79 | 7.1 | High | 2025-10-22 |
| CVE-2025-53236 | WordPress UDesign Core plugin <= 4.14.0 - Broken Access Control vulnerability — UDesign CoreCWE-862 | 6.3 | Medium | 2025-10-22 |
This page lists every published CVE security advisory associated with AndonDesign. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.