CodeCanyon — Vulnerabilities & Security Advisories (13)

Browse all 13 CVE security advisories affecting CodeCanyon. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CodeCanyon is a marketplace for buying and selling code scripts, themes, and plugins for web development. Historically, its products have frequently contained vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and insecure coding practices. While no major public security incidents have been widely documented, the platform's 13 recorded CVEs highlight ongoing security concerns in third-party code quality. Developers using CodeCanyon resources face risks from potentially unvetted code, so a thorough security review before implementation is needed to mitigate exposure to known vulnerabilities.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-7783 | CodeCanyon Perfex CRM Admin Kanban Endpoint AbstractKanban.php applySortQuery sql injection | Perfex CRM | CWE-89 | 6.3 | Medium | 2026-05-04 |
| CVE-2026-7782 | CodeCanyon Perfex CRM Tenant Clients.php project authorization | Perfex CRM | CWE-639 | 6.3 | Medium | 2026-05-04 |
| CVE-2025-11304 | CodeCanyon/ui-lib Mentor LMS API cross-domain policy | Mentor LMS | CWE-942 | 6.3 | Medium | 2025-10-05 |
| CVE-2025-7898 | Codecanyon iDentSoft Account Setting Page updateSetting unrestricted upload | iDentSoft | CWE-434 | 4.7 | Medium | 2025-07-20 |
| CVE-2025-3855 | CodeCanyon RISE Ultimate Project Manager Profile Picture save_profile_image resource injection | RISE Ultimate Project Manager | CWE-99 | 4.3 | Medium | 2025-04-22 |
| CVE-2025-3219 | CodeCanyon Perfex CRM Project Discussions Module 2 cross site scripting | Perfex CRM | CWE-79 | 3.5 | Low | 2025-04-04 |
| CVE-2025-2974 | CodeCanyon Perfex CRM Contracts contract cross site scripting | Perfex CRM | CWE-79 | 3.5 | Low | 2025-03-31 |
| CVE-2024-9031 | CodeCanyon CRMGo SaaS show cross site scripting | CRMGo SaaS | CWE-79 | 3.5 | Low | 2024-09-20 |
| CVE-2024-9030 | CodeCanyon CRMGo SaaS note cross site scripting | CRMGo SaaS | CWE-79 | 3.5 | Low | 2024-09-20 |
| CVE-2024-8945 | CodeCanyon RISE Ultimate Project Manager save sql injection | RISE Ultimate Project Manager | CWE-89 | 5.5 | Medium | 2024-09-17 |
| CVE-2024-0545 | CodeCanyon RISE Ultimate Project Manager signin redirect | RISE Ultimate Project Manager | CWE-601 | 5.3 | Medium | 2024-01-15 |
| CVE-2023-4407 | Codecanyon Credit Lite POST Request account_statement sql injection | Credit Lite | CWE-89 | 6.3 | Medium | 2023-08-18 |
| CVE-2023-3787 | Codecanyon Tiva Events Calender cross site scripting | Tiva Events Calender | CWE-79 | 3.5 | Low | 2023-07-20 |

This page lists every published CVE security advisory associated with CodeCanyon. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.