Browse all 3 CVE security advisories affecting Bainternet. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Bainternet develops WordPress security plugins focused on access control and hardening, with three CVEs recorded for RCE and privilege escalation vulnerabilities. Historically, their code has been susceptible to input validation flaws leading to unauthorized access. While no major public incidents have been documented, the CVEs highlight recurring issues in sanitization and permission checks. Their plugins typically implement firewall rules and login protections, though the presence of RCE vectors suggests ongoing challenges in secure coding practices. The vulnerabilities discovered primarily stem from insufficient parameter validation in administrative functions, allowing attackers to execute unauthorized commands or elevate privileges under specific configurations.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-47231 | WordPress ShortCodes UI Plugin <= 1.9.8 is vulnerable to Cross Site Scripting (XSS) — ShortCodes UICWE-79 | 6.5 | Medium | 2023-11-08 |
| CVE-2023-44994 | WordPress ShortCodes UI Plugin <= 1.9.8 is vulnerable to Cross Site Request Forgery (CSRF) — ShortCodes UICWE-352 | 4.3 | Medium | 2023-10-10 |
This page lists every published CVE security advisory associated with Bainternet. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.