Browse all 5 CVE security advisories affecting HelloAsso. AI-powered Chinese analysis, POCs, and references for each vulnerability.
HelloAsso is a French online payment platform primarily used by non-profits and associations for collecting donations and managing payments. Historically, the platform has been susceptible to several security vulnerabilities, including cross-site scripting (XSS) and remote code execution (RCE) flaws, as evidenced by its five recorded CVEs. These vulnerabilities often stemmed from improper input validation and insufficient access controls. While no major public security incidents have been widely reported, the presence of multiple CVEs indicates potential risks for users, particularly regarding data integrity and unauthorized access. Organizations using the platform should ensure timely updates and implement additional security measures to mitigate potential exploitation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-24575 | WordPress HelloAsso plugin <= 1.1.11 - Cross Site Scripting (XSS) vulnerability — HelloAsso, CWE-79 | 6.5 | Medium | 2025-01-24 |
| CVE-2024-44052 | WordPress HelloAsso plugin <= 1.1.10 - Broken Access Control vulnerability — HelloAsso, CWE-862 | 4.3 | Medium | 2024-11-01 |
| CVE-2024-7605 | HelloAsso <= 1.1.10 - Missing Authorization to Authenticated (Contributor+) Limited Options Update — HelloAsso, CWE-862 | 4.3 | Medium | 2024-09-05 |
| CVE-2024-37488 | WordPress HelloAsso plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability — HelloAsso, CWE-79 | 6.5 | Medium | 2024-07-21 |
| CVE-2024-32697 | WordPress HelloAsso plugin <= 1.1.5 - Cross Site Scripting (XSS) vulnerability — HelloAsso, CWE-79 | 6.5 | Medium | 2024-04-22 |
This page lists every published CVE security advisory associated with HelloAsso. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.