Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CRUDLab — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting CRUDLab. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CRUDLab develops web application frameworks primarily used for rapid database-driven application development. Historically, the product has been associated with multiple remote code execution, cross-site scripting, and privilege escalation vulnerabilities, with eight CVEs documented to date. Common security weaknesses include insufficient input validation, insecure default configurations, and inadequate access controls. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests potential risks for organizations implementing CRUDLab solutions without hardening. The framework's focus on simplifying database operations has inadvertently created attack surfaces that require careful configuration and ongoing security monitoring to mitigate exploitation risks.

Top products by CRUDLab: Jazz Popups WP Like Button Image Gallery Box by CRUDLab CRUDLab Google Plus Button CRUDLab Like Box CRUDLab Scroll to Top
CVE IDTitleCVSSSeverityPublished
CVE-2025-22774 WordPress CRUDLab Scroll to Top Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability — CRUDLab Scroll to TopCWE-79 7.1 High2025-04-17
CVE-2025-23814 WordPress CRUDLab Like Box Plugin <= 2.0.9 - Reflected Cross Site Scripting (XSS) vulnerability — CRUDLab Like BoxCWE-79 7.1 High2025-03-03
CVE-2025-23938 WordPress Image Gallery Box by CRUDLab Plugin <= 1.0.3 - Local File Inclusion vulnerability — Image Gallery Box by CRUDLabCWE-98 7.5 High2025-01-22
CVE-2024-54399 WordPress CRUDLab Google Plus Button plugin <= 1.0.2 - CSRF to Stored XSS vulnerability — CRUDLab Google Plus ButtonCWE-352 7.1 High2024-12-16
CVE-2023-47820 WordPress WP Like Button plugin <= 1.7.0 - Broken Access Control vulnerability — WP Like ButtonCWE-862 4.3 Medium2024-12-09
CVE-2023-32966 WordPress Jazz Popups Plugin <= 1.8.7 is vulnerable to Cross Site Request Forgery (CSRF) leading to Stored XSS — Jazz PopupsCWE-352 5.4 Medium2023-11-07
CVE-2023-40199 WordPress WP Like Button Plugin <= 1.7.0 is vulnerable to Cross Site Request Forgery (CSRF) — WP Like ButtonCWE-352 5.4 Medium2023-10-03
CVE-2023-32965 WordPress Jazz Popups Plugin <= 1.8.7 is vulnerable to Cross Site Scripting (XSS) — Jazz PopupsCWE-79 7.1 High2023-07-18

This page lists every published CVE security advisory associated with CRUDLab. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.