Browse all 3 CVE security advisories affecting Paolo. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Paolo primarily develops web applications and APIs for enterprise clients, with a core use case in customer-facing authentication systems. Historically, Paolo's code has been associated with Cross-Site Scripting (XSS) and Remote Code Execution (RCE) vulnerabilities, often stemming from improper input validation and insecure deserialization. Security characteristics include inconsistent patch management and insufficient logging mechanisms. While no major public incidents have been documented, Paolo's three CVEs highlight recurring issues in session handling and access control, suggesting a pattern of insufficient security-by-design implementation in development workflows.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-24549 | WordPress GeoDirectory plugin <= 2.8.149 - Cross Site Request Forgery (CSRF) vulnerability — GeoDirectoryCWE-352 | 4.3 | Medium | 2026-01-23 |
| CVE-2024-56259 | WordPress GeoDirectory plugin <= 2.3.84 - Cross Site Scripting (XSS) vulnerability — GeoDirectoryCWE-79 | 6.5 | Medium | 2025-01-02 |
| CVE-2024-50437 | WordPress GeoDirectory plugin <= 2.3.80 - Cross Site Scripting (XSS) vulnerability — GeoDirectoryCWE-79 | 6.5 | Medium | 2024-10-28 |
This page lists every published CVE security advisory associated with Paolo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.