Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

JoomUnited — Vulnerabilities & Security Advisories 20

Browse all 20 CVE security advisories affecting JoomUnited. AI-powered Chinese analysis, POCs, and references for each vulnerability.

JoomUnited operates as a developer of extensions for the Joomla content management system, providing tools for e-commerce, booking, and social networking. Security audits have identified twenty distinct Common Vulnerabilities and Exposures (CVEs) associated with its software portfolio, indicating a persistent history of security flaws. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and improper access controls. Several incidents highlight critical privilege escalation risks, allowing unauthenticated attackers to gain administrative access or execute arbitrary code on affected servers. These issues frequently arise in older versions of popular plugins, emphasizing the necessity for rigorous code review and timely patching. The accumulation of these CVEs suggests that while the extensions offer functional utility, their security posture has been inconsistent, requiring users to prioritize version updates and configuration hardening to mitigate potential exploitation vectors.

Top products by JoomUnited: WP Meta SEO WP Table Manager WP Media folder WP Meta SEO (WordPress plugin) WP File Download Light WP Latest Posts
CVE IDTitleCVSSSeverityPublished
CVE-2024-13374 WP Table Manager <= 4.1.3 - Missing Authorization to Authenticated (Subscriber+) Directory Traversal to Folder/File Name Disclosure — WP Table ManagerCWE-862 4.3 Medium2025-02-12
CVE-2022-47601 WordPress WP Table Manager plugin <= 3.5.2 - Broken Access Control — WP Table ManagerCWE-862 5.3 Medium2025-01-02
CVE-2024-45455 WordPress WP Meta SEO plugin <= 4.5.13 - Cross Site Scripting (XSS) vulnerability — WP Meta SEOCWE-79 5.9 Medium2024-09-15
CVE-2024-45456 WordPress WP Meta SEO plugin <= 4.5.13 - Cross Site Scripting (XSS) vulnerability — WP Meta SEOCWE-79 6.5 Medium2024-09-15
CVE-2024-4135 WP Latest Posts <= 5.0.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution — WP Latest PostsCWE-94 5.4 Medium2024-05-08
CVE-2023-6961 WP Meta SEO <= 4.5.12 - Unauthenticated Stored Cross-Site Scripting via Referer header — WP Meta SEOCWE-79 7.2 High2024-05-02
CVE-2023-6962 WP Meta SEO <= 4.5.12 - Information Exposure via Meta Description — WP Meta SEOCWE-1230 5.3 Medium2024-05-02
CVE-2024-32539 WordPress WP File Download Light plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability — WP File Download LightCWE-79 6.5 Medium2024-04-17
CVE-2024-25907 WordPress WP Media folder plugin <= 5.7.2 - Plugin Settings Change vulnerability — WP Media folderCWE-862 5.4 Medium2024-03-21
CVE-2024-25908 WordPress WP Media folder plugin <= 5.7.2 - Subscriber+ Arbitrary Post/Page Modification vulnerability — WP Media folderCWE-862 4.3 Medium2024-03-21
CVE-2024-25909 WordPress WP Media folder Plugin <= 5.7.2 is vulnerable to Arbitrary File Upload — WP Media folderCWE-434 9.9 Critical2024-02-26
CVE-2022-47602 WordPress WP Table Manager Plugin <= 3.5.2 is vulnerable to Cross Site Scripting (XSS) — WP Table ManagerCWE-79 6.5 Medium2023-03-29
CVE-2023-1022 WP Meta SEO <= 4.5.3 - Missing Authorization in 'wpmsGGSaveInformation' — WP Meta SEOCWE-862 5.4 Medium2023-02-28
CVE-2023-1023 WP Meta SEO <= 4.5.3 - Missing Authorization in 'saveSitemapSettings' — WP Meta SEOCWE-862 5.4 Medium2023-02-28
CVE-2023-1024 WP Meta SEO <= 4.5.3 - Missing Authorization in 'regenerateSitemaps' — WP Meta SEOCWE-862 4.3 Medium2023-02-28
CVE-2023-1026 WP Meta SEO <= 4.5.3 - Missing Authorization in 'listPostsCategory' — WP Meta SEOCWE-862 4.3 Medium2023-02-28
CVE-2023-1027 WP Meta SEO <= 4.5.3 - Missing Authorization in 'checkAllCategoryInSitemap' — WP Meta SEOCWE-862 4.3 Medium2023-02-28
CVE-2023-1028 WP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via 'setIgnore' — WP Meta SEOCWE-352 4.3 Medium2023-02-28
CVE-2023-1029 WP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via 'regenerateSitemaps' — WP Meta SEOCWE-352 4.3 Medium2023-02-24
CVE-2022-30337 WordPress WP Meta SEO plugin <= 4.4.8 - Social Settings Update vis Cross-Site Request Forgery (CSRF) vulnerability — WP Meta SEO (WordPress plugin)CWE-352 5.4 Medium2022-07-21

This page lists every published CVE security advisory associated with JoomUnited. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.