Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Roxnor — Vulnerabilities & Security Advisories 76

Browse all 76 CVE security advisories affecting Roxnor. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Roxnor operates as a specialized provider of network security solutions, primarily focusing on intrusion detection and prevention systems designed to monitor and secure enterprise network traffic. Historical security audits have identified a significant volume of vulnerabilities within its software infrastructure, with 76 Common Vulnerabilities and Exposures currently on record. These flaws predominantly involve remote code execution and cross-site scripting, allowing attackers to potentially bypass authentication mechanisms or execute arbitrary commands on affected devices. Privilege escalation vulnerabilities have also been documented, enabling lower-privileged users to gain administrative control. While specific major public incidents remain largely contained within technical disclosure reports, the high count of disclosed CVEs indicates persistent challenges in the product’s secure development lifecycle. Organizations utilizing Roxnor appliances are advised to apply vendor patches promptly to mitigate risks associated with these known exploitation vectors and ensure continuous network integrity.

Top products by Roxnor: MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers Wp Social Login and Register Social Counter EmailKit – Email Customizer for WooCommerce & WP Metform Wp Ultimate Review ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools ElementsKit Elementor addons Lite FundEngine PopupKit FundEngine – Donation and Crowdfunding Platform EmailKit GetGenie
CVE IDTitleCVSSSeverityPublished
CVE-2026-4362 ElementsKit Elementor Addons <= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite — ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for ElementorCWE-862 6.5 Medium2026-05-05
CVE-2026-5957 EmailKit <= 1.6.5 - Authenticated (Author+) Arbitrary File Read via 'emailkit-editor-template' REST Parameter — EmailKit – Email Customizer for WooCommerce & WPCWE-22 6.5 Medium2026-05-05
CVE-2026-39644 WordPress Wp Ultimate Review plugin <= 2.3.8 - Broken Access Control vulnerability — Wp Ultimate ReviewCWE-862 5.3 Medium2026-04-08
CVE-2026-2600 ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget — ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for ElementorCWE-79 6.4 Medium2026-04-04
CVE-2026-3474 EmailKit <= 1.6.3 - Authenticated (Administrator+) Path Traversal via 'emailkit-editor-template' REST API Parameter — EmailKit – Email Customizer for WooCommerce & WPCWE-22 4.9 Medium2026-03-20
CVE-2026-2879 GetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Post Overwrite/Deletion — GetGenie – AI Content Writer with Keyword Research & SEO Tracking ToolsCWE-639 5.4 Medium2026-03-13
CVE-2026-2257 GetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Stored Cross-Site Scripting via REST API — GetGenie – AI Content Writer with Keyword Research & SEO Tracking ToolsCWE-639 6.4 Medium2026-03-13
CVE-2026-23693 ElementsKit Elementor Addons < 3.7.9 Unauthenticated Mailchimp REST Endpoint — ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for ElementorCWE-306 10.0 Critical2026-02-23
CVE-2026-1925 EmailKit – Email Customizer for WooCommerce & WP <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Title Modification — EmailKit – Email Customizer for WooCommerce & WPCWE-862 4.3 Medium2026-02-18
CVE-2025-14895 PopupKit <= 2.2.0 - Missing Authorization to Sensitive Information Disclosure and Data Deletion — Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce TriggersCWE-862 5.4 Medium2026-02-10
CVE-2025-13192 Popup builder with Gamification <= 2.2.0 - Unauthenticated SQL Injection via Multiple REST API Endpoints — Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce TriggersCWE-89 8.2 High2026-02-04
CVE-2026-0633 MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value — MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for ElementorCWE-287 3.7 Low2026-01-24
CVE-2026-24356 WordPress GetGenie plugin <= 4.3.0 - Broken Access Control vulnerability — GetGenieCWE-862 4.9 Medium2026-01-22
CVE-2026-1003 GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools <= 4.3.0 - Missing Authorization to Authenticated (Author+) Arbitrary Post Deletion — GetGenie – AI Content Writer with Keyword Research & SEO Tracking ToolsCWE-862 4.3 Medium2026-01-16
CVE-2025-14059 EmailKit <= 1.6.1 - Authenticated (Author+) Arbitrary File Read via Path Traversal — EmailKit – Email Customizer for WooCommerce & WPCWE-73 6.5 Medium2026-01-07
CVE-2025-14441 Popupkit <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Subscriber Data Deletion — Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce TriggersCWE-862 4.3 Medium2026-01-06
CVE-2025-69026 WordPress PopupKit plugin <= 2.1.5 - Sensitive Data Exposure vulnerability — PopupKitCWE-497 4.3 Medium2025-12-30
CVE-2025-14314 WordPress PopupKit plugin <= 2.1.5 - SQL Injection vulnerability — PopupKitCWE-89 8.5 High2025-12-18
CVE-2025-63057 WordPress Wp Ultimate Review plugin <= 2.3.7 - Cross Site Scripting (XSS) vulnerability — Wp Ultimate ReviewCWE-79 6.5 Medium2025-12-09
CVE-2025-13620 Wp Social Login and Register Social Counter <= 3.1.3 - Missing Authorization in Cache REST Endpoints to Social Counter Tampering — Wp Social Login and Register Social CounterCWE-862 5.3 Medium2025-12-05
CVE-2025-12358 ShopEngine <= 4.8.5 - Cross-Site Request Forgery to Wishlist Manipulation — ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce SolutionCWE-352 4.3 Medium2025-12-03
CVE-2025-11888 ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update — ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce SolutionCWE-863 2.7 Low2025-10-25
CVE-2025-10861 Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.4 - Unauthenticated Server-Side Request Forgery — Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce TriggersCWE-918 7.5 High2025-10-24
CVE-2025-10862 Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.3 - Unauthenticated SQL Injection via 'id' — Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce TriggersCWE-89 7.5 High2025-10-09
CVE-2025-60106 WordPress EmailKit Plugin <= 1.6.0 - Arbitrary Content Deletion Vulnerability — EmailKitCWE-862 4.9 Medium2025-09-26
CVE-2025-10173 ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.3 - Insufficient Authorization to Authenticated (Editor+) Settings Update — ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce SolutionCWE-862 2.7 Low2025-09-26
CVE-2025-48302 WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability — FundEngineCWE-98 7.5 High2025-08-20
CVE-2025-5684 MetForm <= 4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via `mf-template` DOM Element — MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for ElementorCWE-79 6.4 Medium2025-07-29
CVE-2025-3614 ElementsKit Elementor Addons and Templates <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget — ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for ElementorCWE-79 6.4 Medium2025-07-24
CVE-2025-4479 ElementsKit Lite <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget — ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for ElementorCWE-79 6.4 Medium2025-06-19

This page lists every published CVE security advisory associated with Roxnor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.