Browse all 3 CVE security advisories affecting DevsCred. AI-powered Chinese analysis, POCs, and references for each vulnerability.
DevsCred is a development platform focused on streamlining code collaboration and deployment processes. Historically, the platform has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and access control flaws. While no major public security incidents have been documented, the three CVEs on record highlight consistent issues with sanitizing user inputs and managing authentication boundaries. These vulnerabilities could potentially allow attackers to execute arbitrary code, manipulate user sessions, or gain elevated access within development environments. The platform's security posture appears to prioritize functionality over robust input handling, creating persistent risks for development teams using the service.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-31829 | WordPress ShopCred plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability — ShopCredCWE-79 | 6.5 | Medium | 2025-04-01 |
| CVE-2025-31815 | WordPress Design Blocks plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability — Design BlocksCWE-79 | 6.5 | Medium | 2025-04-01 |
| CVE-2022-45067 | WordPress Exclusive Addons Elementor Plugin <= 2.6.1 is vulnerable to Cross Site Request Forgery (CSRF) — Exclusive Addons for ElementorCWE-352 | 4.3 | Medium | 2023-02-02 |
This page lists every published CVE security advisory associated with DevsCred. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.