Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

SevenSpark — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting SevenSpark. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Sevenspark develops web applications and content management systems, primarily serving digital agencies and businesses requiring custom online solutions. Historically, their products have been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS), and privilege escalation flaws, with 10 CVEs documented to date. Notable security characteristics include inconsistent input validation and insufficient access controls in several components. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities across different products suggests systemic security challenges in their development practices, particularly regarding secure coding standards and timely patch management.

Top products by SevenSpark: Contact Form 7 – Dynamic Text Extension Bellows Accordion Menu UberMenu Menu Swapper ShiftNav – Responsive Mobile Menu
CVE IDTitleCVSSSeverityPublished
CVE-2025-63068 WordPress Contact Form 7 Dynamic Text Extension plugin <= 5.0.5 - Content Injection vulnerability — Contact Form 7 – Dynamic Text ExtensionCWE-80 5.3 Medium2025-12-09
CVE-2025-49243 WordPress ShiftNav – Responsive Mobile Menu plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability — ShiftNav – Responsive Mobile MenuCWE-79 6.5 Medium2025-06-06
CVE-2025-49242 WordPress Bellows Accordion Menu plugin <= 1.4.3 - Cross Site Scripting (XSS) Vulnerability — Bellows Accordion MenuCWE-79 6.5 Medium2025-06-06
CVE-2024-56218 WordPress Contact Form 7 - Dynamic Text Extension plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) vulnerability — Contact Form 7 – Dynamic Text ExtensionCWE-352 4.3 Medium2024-12-31
CVE-2024-10084 Contact Form 7 – Dynamic Text Extension <= 4.5 - Information Disclosure via Shortcode — Contact Form 7 – Dynamic Text ExtensionCWE-200 4.3 Medium2024-11-05
CVE-2024-3593 UberMenu <= 3.8.3 - Cross-Site Request Forgery to Settings Reset — UberMenuCWE-352 7.2 High2024-06-22
CVE-2024-4710 Uber Menu <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes — UberMenuCWE-79 6.4 Medium2024-05-21
CVE-2023-6630 Contact Form 7 – Dynamic Text Extension <= 4.1.0 - Insecure Direct Object Reference — Contact Form 7 – Dynamic Text ExtensionCWE-359 4.3 Medium2024-01-11
CVE-2023-5164 Bellows Accordion Menu <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Bellows Accordion MenuCWE-79 6.4 Medium2023-10-30
CVE-2020-36746 Menu Swapper <= 1.1.0.2 - Cross-Site Request Forgery Bypass — Menu SwapperCWE-352 4.3 Medium2023-07-01

This page lists every published CVE security advisory associated with SevenSpark. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.