Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CedCommerce — Vulnerabilities & Security Advisories 7

Browse all 7 CVE security advisories affecting CedCommerce. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CedCommerce develops e-commerce integration solutions for platforms like Magento and Shopify, enabling third-party marketplace connections. Historically, their products have faced multiple remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, often stemming from insufficient input validation and insecure deserialization. In 2021, a critical RCE flaw in their Magento extension allowed attackers to execute arbitrary server commands, affecting numerous merchants. Despite patches, recurring issues suggest persistent challenges in secure coding practices. The company maintains seven CVEs to date, with privilege escalation and authentication bypass vulnerabilities also appearing in their product history. Their extensions' broad system access continues to make them attractive targets for exploitation.

Top products by CedCommerce: WP Advanced PDF Recently viewed and most viewed products One Click Order Re-Order Ship Per Product Product Lister for eBay CedCommerce Integration for Good Market
CVE IDTitleCVSSSeverityPublished
CVE-2025-62138 WordPress WP Advanced PDF plugin <= 1.1.7 - Other vulnerability Type vulnerability — WP Advanced PDFCWE-862 5.4 Medium2025-12-31
CVE-2025-68877 WordPress CedCommerce Integration for Good Market plugin <= 1.0.6 - Local File Inclusion vulnerability — CedCommerce Integration for Good MarketCWE-98 7.5 High2025-12-29
CVE-2025-57945 WordPress WP Advanced PDF Plugin <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability — WP Advanced PDFCWE-79 5.9 Medium2025-09-22
CVE-2025-39384 WordPress Product Lister for eBay plugin <= 2.0.9 - Local File Inclusion vulnerability — Product Lister for eBayCWE-98 7.5 High2025-04-24
CVE-2025-31773 WordPress Ship Per Product plugin <= 2.1.0 - Broken Access Control vulnerability — Ship Per ProductCWE-862 5.3 Medium2025-04-01
CVE-2024-5641 One Click Order Re-Order <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting — One Click Order Re-OrderCWE-862 6.4 Medium2024-07-04
CVE-2023-47646 WordPress Recently viewed and most viewed products Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS) — Recently viewed and most viewed productsCWE-79 5.9 Medium2023-11-14

This page lists every published CVE security advisory associated with CedCommerce. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.