Browse all 3 CVE security advisories affecting Propovoice. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Propovoice is a WordPress plugin designed for proposal and contract management. Historically, it has been susceptible to multiple remote code execution vulnerabilities, often stemming from insufficient input validation and improper file handling. Cross-site scripting (XSS) has also been prevalent, allowing attackers to inject malicious scripts. The plugin has faced privilege escalation issues where users could gain unauthorized access to administrative functions. With three CVEs documented, Propovoice's security track record shows consistent weaknesses in access controls and data sanitization. No major public security incidents have been reported, but the documented vulnerabilities highlight ongoing risks in its architecture, particularly around file operations and user permissions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-43941 | WordPress Propovoice Pro plugin <= 1.7.0.3 - Unauthenticated SQL Injection vulnerability — Propovoice ProCWE-89 | 9.3 | Critical | 2024-08-29 |
This page lists every published CVE security advisory associated with Propovoice. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.