Browse all 6 CVE security advisories affecting DevriX. AI-powered Chinese analysis, POCs, and references for each vulnerability.
DevriX specializes in WordPress development and maintenance, serving clients requiring secure custom plugin and theme solutions. Historically, their code has been associated with multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues, contributing to six recorded CVEs. While no major public security incidents have been documented, their vulnerability pattern suggests consistent exposure to authentication bypasses and insufficient input sanitization. The organization's security posture appears reactive rather than preventive, with remediation typically occurring post-disclosure rather than through proactive security testing. Their codebase remains a study in common WordPress security pitfalls, emphasizing the need for rigorous security reviews in custom development environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-4766 | Easy Image Gallery <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Shortcode Post Meta | Easy Image Gallery | CWE-79 | 6.4 | Medium | 2026-03-25 |
| CVE-2025-9892 | Restrict User Registration <= 1.0.1 - Cross-Site Request Forgery to Settings Update | Restrict User Registration | CWE-352 | 5.3 | Medium | 2025-10-03 |
| CVE-2025-32655 | WordPress Restrict User Registration plugin <= 1.0.1 - CSRF to Stored XSS vulnerability | Restrict User Registration | CWE-352 | 7.1 | High | 2025-04-17 |
| CVE-2025-28931 | WordPress WordPress Hashtags plugin <= 0.3.2 - CSRF to Stored XSS vulnerability | Hashtags | CWE-352 | 7.1 | High | 2025-03-11 |
| CVE-2025-23575 | WordPress DX Sales CRM plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability | DX Sales CRM | CWE-79 | 7.1 | High | 2025-03-03 |
| CVE-2024-54337 | WordPress DX Dark Site plugin <= 1.0.1 - CSRF to Stored Cross-Site Scripting vulnerability | DX Dark Site | CWE-352 | 7.1 | High | 2024-12-13 |

This page lists every published CVE security advisory associated with DevriX. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.