Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Stiofan — Vulnerabilities & Security Advisories 7

Browse all 7 CVE security advisories affecting Stiofan. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Stiofan serves as a middleware component facilitating data integration between enterprise systems. Historically, vulnerabilities in Stiofan have frequently included remote code execution flaws, cross-site scripting (XSS) issues, and privilege escalation weaknesses. The component's exposure to untrusted input has often led to these security concerns. Stiofan has been associated with multiple high-impact vulnerabilities, with seven CVEs documented to date. These issues typically stem from improper input validation and insufficient access controls. Organizations implementing Stiofan should prioritize patch management and input sanitization to mitigate risks. The component's role in critical infrastructure makes securing these vulnerabilities essential for maintaining system integrity.

Top products by Stiofan: UsersWP GetPaid AyeCode Connect Events Calendar for GeoDirectory BlockStrap Page Builder - Bootstrap Blocks
CVE IDTitleCVSSSeverityPublished
CVE-2026-25015 WordPress UsersWP plugin <= 1.2.53 - Cross Site Request Forgery (CSRF) vulnerability — UsersWPCWE-352 4.3 Medium2026-02-03
CVE-2025-67593 WordPress UsersWP plugin <= 1.2.48 - Cross Site Request Forgery (CSRF) vulnerability — UsersWPCWE-352 4.3 Medium2025-12-09
CVE-2025-66072 WordPress UsersWP plugin <= 1.2.47 - Broken Access Control vulnerability — UsersWPCWE-862 5.3 Medium2025-11-21
CVE-2025-30951 WordPress BlockStrap Page Builder - Bootstrap Blocks plugin <= 0.1.36 - Cross Site Scripting (XSS) Vulnerability — BlockStrap Page Builder - Bootstrap BlocksCWE-79 6.5 Medium2025-06-06
CVE-2025-26967 WordPress Events Calendar for GeoDirectory plugin <= 2.3.14 - PHP Object Injection vulnerability — Events Calendar for GeoDirectoryCWE-502 8.8 High2025-03-03
CVE-2024-56255 WordPress AyeCode Connect plugin <= 1.3.8 - Broken Access Control vulnerability — AyeCode ConnectCWE-862 4.3 Medium2025-01-02
CVE-2024-43973 WordPress GetPaid plugin <= 2.8.11 - Broken Access Control vulnerability — GetPaidCWE-862 4.3 Medium2024-11-01

This page lists every published CVE security advisory associated with Stiofan. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.