Browse all 7 CVE security advisories affecting DuoGeek. AI-powered Chinese analysis, POCs, and references for each vulnerability.
DuoGeek provides multi-factor authentication and identity-based security solutions, primarily serving organizations requiring secure access controls. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation flaws, with seven CVEs documented to date. The platform's security architecture emphasizes zero-trust principles, though past incidents have involved authentication bypass weaknesses in API endpoints. DuoGeek's integration capabilities have introduced additional attack surfaces, particularly in third-party connector implementations. Recent updates focus on improving input validation and session management to address recurring vulnerability patterns across their authentication workflows.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-56024 | WordPress Custom Dashboard Widget plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability — Custom Dashboard Widget, CWE-79 | 7.1 | High | 2025-01-02 |
| CVE-2024-51860 | WordPress Custom Dashboard Widget plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability — Custom Dashboard Widget, CWE-79 | 6.5 | Medium | 2024-11-19 |

This page lists every published CVE security advisory associated with DuoGeek. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.