Browse all 3 CVE security advisories affecting Andrew. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Andrew specializes in web application security with a focus on identifying and mitigating vulnerabilities in enterprise systems. Historically, Andrew's findings have predominantly centered on remote code execution, cross-site scripting, and privilege escalation vulnerabilities, particularly in legacy applications. While no major public incidents are directly attributed to Andrew's work, the three CVEs on record demonstrate consistent identification of critical flaws that could lead to system compromise. Andrew's approach emphasizes practical remediation strategies, with particular attention to authentication bypass and insecure direct object reference issues. The documented vulnerabilities highlight a pattern of uncovering flaws in poorly input-validated endpoints and misconfigured access controls.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39701 | WordPress ShopWP plugin <= 5.2.4 - Broken Access Control vulnerability — ShopWPCWE-862 | 5.3 | Medium | 2026-04-08 |
This page lists every published CVE security advisory associated with Andrew. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.