Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Softaculous — Vulnerabilities & Security Advisories 35

Browse all 35 CVE security advisories affecting Softaculous. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Softaculous operates as an automated script installer for web hosting environments, enabling users to deploy applications like WordPress or Joomla with minimal manual configuration. Despite its utility, the platform has accumulated thirty-five recorded Common Vulnerabilities and Exposures, reflecting significant security challenges in its codebase. Historically, these flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation or improper access controls within the installer scripts. These defects allow attackers to potentially compromise underlying server infrastructure or gain unauthorized administrative access to hosted applications. While no single catastrophic breach has been widely publicized as a direct result of these specific CVEs, the high volume of disclosed issues indicates persistent weaknesses in the software’s security architecture. This pattern necessitates rigorous patching and careful deployment practices for administrators relying on the tool.

Found 12 results / 35Clear Filters
Top products by Softaculous: Page Builder: Pagelayer – Drag and Drop website builder Backuply – Backup, Restore, Migrate and Clone FileOrganizer – WordPress File Manager SiteSEO – SEO Simplified Webuzo Loginizer PageLayer SpeedyCache – Cache, Optimization, Performance SpeedyCache Loginizer Security
CVE IDTitleCVSSSeverityPublished
CVE-2026-2509 Page Builder: Pagelayer <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes — Page Builder: Pagelayer – Drag and Drop website builderCWE-79 6.4 Medium2026-04-08
CVE-2026-2442 Pagelayer <= 2.0.7 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via 'email' — Page Builder: Pagelayer – Drag and Drop website builderCWE-93 5.3 Medium2026-03-28
CVE-2025-12366 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.5 - Authenticated (Author+) Insecure Direct Object Reference — Page Builder: Pagelayer – Drag and Drop website builderCWE-639 4.3 Medium2025-11-13
CVE-2025-4223 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Reflected Cross-Site Scripting via login_url Parameter — Page Builder: Pagelayer – Drag and Drop website builderCWE-79 4.7 Medium2025-05-24
CVE-2024-13427 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Link — Page Builder: Pagelayer – Drag and Drop website builderCWE-79 6.4 Medium2025-05-24
CVE-2025-2104 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post Publication — Page Builder: Pagelayer – Drag and Drop website builderCWE-862 4.3 Medium2025-03-13
CVE-2024-13430 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Authenticated (Contributor+) Private Post Disclosure in pagelayer_builder_posts_shortcode — Page Builder: Pagelayer – Drag and Drop website builderCWE-284 4.3 Medium2025-03-12
CVE-2025-1926 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modification — Page Builder: Pagelayer – Drag and Drop website builderCWE-352 4.3 Medium2025-03-10
CVE-2024-2504 Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via custom attributes — Page Builder: Pagelayer – Drag and Drop website builderCWE-79 6.4 Medium2024-04-09
CVE-2024-2127 Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes — Page Builder: Pagelayer – Drag and Drop website builderCWE-79 6.4 Medium2024-03-07
CVE-2024-1590 Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button — Page Builder: Pagelayer – Drag and Drop website builderCWE-79 4.6 Medium2024-02-23
CVE-2023-6738 PageLayer <= 1.7.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields — Page Builder: Pagelayer – Drag and Drop website builderCWE-20 5.4 Medium2024-01-04

This page lists every published CVE security advisory associated with Softaculous. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.