Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

BeRocket — Vulnerabilities & Security Advisories 6

Browse all 6 CVE security advisories affecting BeRocket. AI-powered Chinese analysis, POCs, and references for each vulnerability.

BeRocket develops WordPress plugins for e-commerce optimization, including filters, sliders, and search functionality. Historically, its products have frequently contained stored cross-site scripting (XSS) vulnerabilities, often due to insufficient input sanitization in administrative settings. Remote code execution risks have also been identified in several components, typically through unsafe file operations or improper capability checks. While no major public security incidents have been documented, the consistent pattern of vulnerabilities in BeRocket's extensions has led to multiple CVE assignments, highlighting ongoing security challenges in input validation and access control within their plugin ecosystem.

Top products by BeRocket: Brands for WooCommerce Advanced AJAX Product Filters Sequential Order Numbers for WooCommerce
CVE IDTitleCVSSSeverityPublished
CVE-2026-1426 Advanced AJAX Product Filters <= 3.1.9.6 - Authenticated (Author+) PHP Object Injection via Live Composer Compatibility — Advanced AJAX Product FiltersCWE-502 8.8 High2026-02-18
CVE-2025-68519 WordPress Brands for WooCommerce plugin <= 3.8.6.3 - SQL Injection vulnerability — Brands for WooCommerceCWE-89 8.5 High2025-12-24
CVE-2025-32263 WordPress Sequential Order Numbers for WooCommerce plugin <= 3.6.2 - Cross Site Request Forgery (CSRF) vulnerability — Sequential Order Numbers for WooCommerceCWE-352 4.3 Medium2025-04-04
CVE-2025-1505 Advanced AJAX Product Filters <= 1.6.8.1 - Reflected Cross-Site Scripting — Advanced AJAX Product FiltersCWE-79 6.1 Medium2025-02-28
CVE-2023-44149 WordPress Brands for WooCommerce plugin <= 3.8.2.2 - Broken Access Control vulnerability — Brands for WooCommerceCWE-862 5.3 Medium2024-12-13
CVE-2023-23667 WordPress Brands for WooCommerce Plugin <= 3.7.0.6 is vulnerable to Cross Site Scripting (XSS) — Brands for WooCommerceCWE-79 6.5 Medium2023-05-18

This page lists every published CVE security advisory associated with BeRocket. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.