Browse all 3 CVE security advisories affecting Eggemplo. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Eggemplo provides a cloud-based collaboration platform for remote teams, focusing on document sharing and project management. Historically, the application has been vulnerable to multiple remote code execution flaws, cross-site scripting attacks, and privilege escalation vulnerabilities, as evidenced by its three recorded CVEs. Security researchers have identified consistent input validation weaknesses and insufficient access controls in its API endpoints. While no major public security incidents have been reported, the pattern of vulnerabilities suggests ongoing challenges in secure coding practices, particularly regarding user-supplied data handling and session management.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-12651 | Live Photos on WordPress <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Live Photos on WordPressCWE-79 | 6.4 | Medium | 2025-11-11 |
| CVE-2023-38397 | WordPress Gestion-Pymes Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS) — Gestion-PymesCWE-79 | 5.9 | Medium | 2023-08-10 |
| CVE-2023-27627 | WordPress Woocommerce Email Report Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS) — Woocommerce Email ReportCWE-79 | 7.1 | High | 2023-08-08 |
This page lists every published CVE security advisory associated with Eggemplo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.