Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Soflyy — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting Soflyy. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Soflyy develops WordPress plugins, primarily for membership and content management, with 14 CVEs recorded. Historically, vulnerabilities have included stored cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. Notable characteristics include vulnerabilities in file upload mechanisms and inadequate sanitization of user-supplied data. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in their plugins highlights ongoing challenges in secure coding practices, particularly for web applications handling user-generated content and access management.

Top products by Soflyy: WP All Import Pro WP All Import Oxygen Builder Import any XML or CSV File to WordPress (WordPress plugin) Breakdance Import any XML or CSV File to WordPress WP Dynamic Links WP All Export – Drag & Drop Export to Any Custom CSV, XML & Excel WP Wizard Cloak
CVE IDTitleCVSSSeverityPublished
CVE-2025-53237 WordPress WP Wizard Cloak Plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability — WP Wizard CloakCWE-79 7.1 High2026-02-20
CVE-2026-1582 WP All Export <= 1.4.14 - Unauthenticated Sensitive Information Exposure via PHP Type Juggling — WP All Export – Drag & Drop Export to Any Custom CSV, XML & ExcelCWE-200 3.7 Low2026-02-18
CVE-2025-49038 WordPress WP Dynamic Links plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability — WP Dynamic LinksCWE-79 7.1 High2025-08-14
CVE-2024-9664 WP All Import Pro <= 4.9.7 - Authenticated (Administrator+) PHP Object Injection via Import File — WP All Import ProCWE-502 7.2 High2025-02-07
CVE-2024-9661 WP All Import Pro <= 4.9.7 - Cross-Site Request Forgery to Imported Content Deletion — WP All Import ProCWE-352 4.3 Medium2025-02-07
CVE-2024-8722 WP All Import Pro <= 4.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload — WP All Import ProCWE-79 5.5 Medium2025-01-19
CVE-2024-9624 WP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import — WP All Import ProCWE-918 7.6 High2024-12-17
CVE-2024-31939 WordPress Import any XML or CSV File to WordPress plugin <= 3.7.3 - Cross Site Request Forgery (CSRF) vulnerability — Import any XML or CSV File to WordPressCWE-352 4.3 Medium2024-04-10
CVE-2024-31380 WordPress Oxygen plugin <= 4.9 - Authenticated Remote Code Execution (RCE) vulnerability — Oxygen BuilderCWE-94 9.9 Critical2024-04-03
CVE-2024-31390 WordPress Breakdance plugin <= 1.7.2 - Authenticated Remote Code Execution (RCE) vulnerability — BreakdanceCWE-94 9.9 Critical2024-04-03
CVE-2022-46841 WordPress Oxygen Builder Plugin < 4.4 is vulnerable to Cross Site Request Forgery (CSRF) — Oxygen BuilderCWE-352 5.4 Medium2023-10-03
CVE-2022-36386 WordPress Import any XML or CSV File to WordPress plugin <= 3.6.7 - Authenticated Arbitrary Code Execution vulnerability — Import any XML or CSV File to WordPress (WordPress plugin) 9.1 Critical2022-09-21
CVE-2018-0546 WordPress WP All Import插件跨站脚本漏洞 — WP All Import 5.4 -2018-03-09
CVE-2018-0547 WordPress WP All Import插件跨站脚本漏洞 — WP All Import 5.4 -2018-03-09

This page lists every published CVE security advisory associated with Soflyy. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.