Browse all 3 CVE security advisories affecting ZIPANG. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ZIPANG is a Japanese web application framework primarily used for building enterprise-level business applications. Historically, ZIPANG vulnerabilities have commonly included remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation and insecure default configurations. The framework has experienced several security incidents, including a 2020 vulnerability that allowed attackers to execute arbitrary code through crafted requests. ZIPANG's security posture has been criticized for inconsistent patch management and insufficient documentation on secure implementation practices, contributing to its CVE count of three documented vulnerabilities to date.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-48085 | WordPress Simple Stripe plugin <= 0.9.17 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability — Simple StripeCWE-352 | 7.1 | High | 2025-11-06 |
| CVE-2024-12815 | Point Maker <= 0.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — Point MakerCWE-79 | 6.4 | Medium | 2025-03-05 |
| CVE-2024-49317 | WordPress Point Maker plugin <= 0.1.4 - Local File Inclusion vulnerability — Point MakerCWE-98 | 7.5 | High | 2024-10-17 |
This page lists every published CVE security advisory associated with ZIPANG. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.