Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Doofinder — Vulnerabilities & Security Advisories 6

Browse all 6 CVE security advisories affecting Doofinder. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Doofinder is an e-commerce search platform that enhances product discovery on websites. Historically, vulnerabilities have included stored cross-site scripting (XSS) and remote code execution (RCE), often stemming from improper input validation and insufficient access controls. In 2021, a critical RCE vulnerability (CVE-2021-24451) allowed attackers to execute arbitrary code via crafted search queries. The platform has also faced privilege escalation issues due to weak authentication mechanisms. While no major public breaches have been documented, the consistent presence of XSS and RCE vulnerabilities in their history suggests ongoing challenges in securing user inputs and system access, requiring vigilant patch management and input sanitization.

Top products by Doofinder: Doofinder WP & WooCommerce Search Doofinder for WooCommerce Doofinder
CVE IDTitleCVSSSeverityPublished
CVE-2026-39542 WordPress Doofinder for WooCommerce plugin <= 2.10.13 - Sensitive Data Exposure vulnerability — Doofinder for WooCommerceCWE-201 5.3 Medium2026-04-08
CVE-2024-51697 WordPress Doofinder plugin <= 0.5.4 - Reflected Cross Site Scripting (XSS) vulnerability — DoofinderCWE-79 7.1 High2024-11-09
CVE-2024-25596 WordPress Doofinder for WooCommerce plugin <= 2.1.8 - Cross Site Scripting (XSS) vulnerability — Doofinder for WooCommerceCWE-79 5.9 Medium2024-03-15
CVE-2023-51678 WordPress Doofinder for WooCommerce Plugin <= 2.0.33 is vulnerable to Broken Access Control — Doofinder WP & WooCommerce SearchCWE-352 4.3 Medium2024-01-05
CVE-2023-40602 WordPress Doofinder for WooCommerce Plugin <= 1.5.49 is vulnerable to Open Redirection — Doofinder WP & WooCommerce SearchCWE-601 4.7 Medium2023-12-19
CVE-2023-49185 WordPress Doofinder for WooCommerce Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS) — Doofinder WP & WooCommerce SearchCWE-79 7.1 High2023-12-15

This page lists every published CVE security advisory associated with Doofinder. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.