XootiX — Vulnerabilities & Security Advisories (11)

Browse all 11 CVE security advisories affecting XootiX. AI-powered Chinese analysis, POCs, and references for each vulnerability.

XootiX is a web-based collaboration platform primarily used for team project management and document sharing. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The platform has accumulated 11 CVEs to date, with several critical flaws allowing unauthorized access and system compromise. Notable characteristics include insufficient input validation and weak authentication mechanisms in previous versions. While recent releases have addressed many issues, the historical vulnerability pattern suggests ongoing need for rigorous security testing, particularly in areas of user permissions and data handling.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-50027 | WordPress Login/Signup Popup plugin <= 2.9.4 - Cross Site Scripting (XSS) Vulnerability | Login/Signup Popup | CWE-79 | 5.9 | Medium | 2025-06-20 |
| CVE-2025-1064 | Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via xoo_el_action Shortcode | Login & Register Customizer – Popup \| Slider \| Inline \| WooCommerce | CWE-79 | 6.4 | Medium | 2025-02-20 |
| CVE-2024-43134 | WordPress Waitlist Woocommerce plugin <= 2.6 - Broken Access Control vulnerability | Waitlist Woocommerce ( Back in stock notifier ) | CWE-862 | 4.3 | Medium | 2024-11-01 |
| CVE-2024-8724 | Waitlist Woocommerce ( Back in stock notifier ) <= 2.7.5 - Reflected Cross-Site Scripting | Waitlist Woocommerce ( Back in stock notifier ) | CWE-79 | 6.1 | Medium | 2024-09-14 |
| CVE-2024-5665 | Login/Signup Popup ( Inline Form + Woocommerce ) 2.7.1 - 2.7.2 - Missing Authorization to Arbitrary Options Exposure | Login/Signup Popup ( Inline Form + Woocommerce ) | | 4.3 | Medium | 2024-06-06 |
| CVE-2024-5324 | XootiX Framework <= Various Plugin Versions - Missing Authorization to Arbitrary Options Update | Waitlist Woocommerce ( Back in stock notifier ) | CWE-862 | 8.8 | High | 2024-06-06 |
| CVE-2023-28415 | WordPress Side Cart Woocommerce (Ajax) Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS) | Side Cart Woocommerce (Ajax) | CWE-79 | 5.9 | Medium | 2023-08-30 |
| CVE-2020-36715 | Login/Signup Popup < 1.5 - Missing Authorization | Login & Register Customizer – Popup \| Slider \| Inline \| WooCommerce | CWE-862 | 7.4 | High | 2023-06-07 |
| CVE-2022-45376 | WordPress Side Cart Woocommerce (Ajax) Plugin < 2.1 is vulnerable to Cross Site Request Forgery (CSRF) | Side Cart Woocommerce (Ajax) | CWE-352 | 4.3 | Medium | 2023-05-22 |
| CVE-2023-2706 | OTP Login Woocommerce & Gravity Forms <= 2.2 - Authentication Bypass to Privilege Escalation | OTP Login & Register Woocommerce | CWE-287 | 8.1 | High | 2023-05-17 |
| CVE-2022-0215 | XootiX Plugins <= Various Versions Cross-Site Request Forgery to Arbitrary Options Update | Login/Signup Popup | CWE-352 | 8.8 | High | 2022-01-18 |

This page lists every published CVE security advisory associated with XootiX. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.