Browse all 13 CVE security advisories affecting CodeCanyon. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Codecanyon serves as a marketplace for purchasing and selling code scripts, themes, and plugins for web development. Historically, its products have frequently contained vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and insecure coding practices. While no major public security incidents have been widely documented, the platform's 13 recorded CVEs highlight ongoing security concerns in third-party code quality. Developers using Codecanyon resources face risks from potentially unvetted code, necessitating thorough security reviews before implementation to mitigate exposure to known vulnerabilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-7783 | CodeCanyon Perfex CRM Admin Kanban Endpoint AbstractKanban.php applySortQuery sql injection — Perfex CRMCWE-89 | 6.3 | Medium | 2026-05-04 |
| CVE-2026-7782 | CodeCanyon Perfex CRM Tenant Clients.php project authorization — Perfex CRMCWE-639 | 6.3 | Medium | 2026-05-04 |
| CVE-2025-3219 | CodeCanyon Perfex CRM Project Discussions Module 2 cross site scripting — Perfex CRMCWE-79 | 3.5 | Low | 2025-04-04 |
| CVE-2025-2974 | CodeCanyon Perfex CRM Contracts contract cross site scripting — Perfex CRMCWE-79 | 3.5 | Low | 2025-03-31 |
This page lists every published CVE security advisory associated with CodeCanyon. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.