Iqonic Design — Vulnerabilities & Security Advisories (15)

Browse all 15 CVE security advisories affecting Iqonic Design. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Iqonic Design develops WordPress themes and plugins for website creation, with 15 CVEs recorded, primarily involving stored cross-site scripting (XSS) and remote code execution (RCE) vulnerabilities. Historically, their products have frequently contained insufficient input validation and improper sanitization, allowing attackers to execute arbitrary code or inject malicious content. Notable security characteristics include inconsistent patching timelines and recurring similar flaws across multiple products. While no major public incidents have been widely documented, the pattern of vulnerabilities suggests ongoing challenges in secure coding practices, particularly in handling user-supplied data and implementing proper access controls.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-25383 | WordPress KiviCare plugin <= 3.6.16 - Reflected Cross Site Scripting (XSS) vulnerability | KiviCare | CWE-79 | 7.1 | High | 2026-03-25 |
| CVE-2026-25034 | WordPress KiviCare plugin <= 3.6.16 - Broken Access Control vulnerability | KiviCare | CWE-862 | 6.5 | Medium | 2026-03-25 |
| CVE-2026-25022 | WordPress KiviCare plugin <= 3.6.16 - SQL Injection vulnerability | KiviCare | CWE-89 | 8.5 | High | 2026-02-03 |
| CVE-2025-66095 | WordPress KiviCare plugin <= 3.6.13 - SQL Injection vulnerability | KiviCare | CWE-89 | 8.5 | High | 2025-11-21 |
| CVE-2025-52822 | WordPress WP Roadmap plugin <= 2.1.3 - SQL Injection vulnerability | WP Roadmap | CWE-89 | 8.5 | High | 2025-06-20 |
| CVE-2025-47533 | WordPress Graphina plugin <= 3.0.4 - Cross Site Request Forgery (CSRF) to Local File Inclusion vulnerability | Graphina | CWE-352 | 8.1 | High | 2025-05-07 |
| CVE-2025-47480 | WordPress Graphina plugin <= 3.0.4 - Broken Access Control Vulnerability | Graphina | CWE-862 | 5.4 | Medium | 2025-05-07 |
| CVE-2025-32254 | WordPress WPBookit plugin <= 1.0.7 - Broken Access Control vulnerability | WPBookit | CWE-862 | 5.3 | Medium | 2025-04-04 |
| CVE-2025-26910 | WordPress WPBookit plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) Vulnerability | WPBookit | CWE-352 | 7.1 | High | 2025-03-10 |
| CVE-2025-0357 | WPBookit <= 1.6.9 - Unauthenticated Arbitrary File Upload | WPBookit | CWE-434 | 9.8 | Critical | 2025-01-25 |
| CVE-2024-10215 | WPBookit <= 1.6.4 - Unauthenticated Arbitrary User Password Change | WPBookit | CWE-639 | 9.8 | Critical | 2025-01-09 |
| CVE-2024-54280 | WordPress WPBookit plugin <= 1.6.0 - SQL Injection vulnerability | WPBookit | CWE-89 | 9.3 | Critical | 2024-12-16 |
| CVE-2024-43124 | WordPress Graphina plugin <= 1.8.10 - Cross Site Scripting (XSS) vulnerability | Graphina | CWE-79 | 6.5 | Medium | 2024-08-12 |
| CVE-2024-35659 | WordPress KiviCare plugin <= 3.6.6 - Insecure Direct Object References (IDOR) vulnerability | KiviCare | CWE-862 | 5.3 | Medium | 2024-06-08 |
| CVE-2023-41128 | WordPress WP Roadmap Plugin <= 1.0.8 is vulnerable to Cross Site Scripting (XSS) | WP Roadmap – Product Feedback Board | CWE-79 | 5.9 | Medium | 2023-11-30 |

This page lists every published CVE security advisory associated with Iqonic Design. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.