Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

aa-team — Vulnerabilities & Security Advisories 21

Browse all 21 CVE security advisories affecting aa-team. AI-powered Chinese analysis, POCs, and references for each vulnerability.

AA-Team operates as a specialized software development entity, primarily focusing on enterprise resource planning and industrial automation solutions. Their product portfolio has been associated with twenty-one recorded Common Vulnerabilities and Exposures, indicating a consistent pattern of security oversight in legacy codebases. The most prevalent vulnerability classes include remote code execution and cross-site scripting, which often stem from insufficient input validation and improper session management practices. Privilege escalation flaws have also been documented, allowing unauthorized users to gain administrative access to critical system components. While no single catastrophic incident has publicly defined their security history, the cumulative nature of these CVEs suggests systemic weaknesses in their secure development lifecycle. Recent patches have addressed several critical remote execution vectors, yet the recurring nature of these issues highlights ongoing challenges in maintaining robust application security standards across their diverse software offerings.

Top products by aa-team: WZone Premium Age Verification / Restriction for WordPress Pro Bulk Watermark Plugin for WordPress WZone – Lite Version Woocommerce Envato Affiliates Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) Premium SEO Pack Amazon Native Shopping Recommendations Woocommerce Sales Funnel Builder Wordpress Movies Bulk Importer SearchAzon
CVE IDTitleCVSSSeverityPublished
CVE-2026-27040 WordPress WZone plugin <= 14.0.31 - Arbitrary File Deletion vulnerability — WZoneCWE-22 8.8 High2026-03-25
CVE-2026-27039 WordPress WZone plugin <= 14.0.31 - SQL Injection vulnerability — WZoneCWE-89 8.5 High2026-03-25
CVE-2026-25473 WordPress WZone plugin <= 14.0.31 - Broken Access Control vulnerability — WZoneCWE-862 5.4 Medium2026-02-19
CVE-2026-22359 WordPress Wordpress Movies Bulk Importer plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability — Wordpress Movies Bulk ImporterCWE-352 4.3 Medium2026-01-22
CVE-2026-22360 WordPress SearchAzon plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability — SearchAzonCWE-352 4.3 Medium2026-01-22
CVE-2025-30631 Reflected Cross Site Scripting (XSS) vulnerability in AA-Team WordPress plugins — Woocommerce Sales Funnel BuilderCWE-79 7.1 High2026-01-06
CVE-2025-29004 Privilege Escalation Vulnerability in AA-Team WordPress plugins — Premium Age Verification / Restriction for WordPressCWE-266 8.8 High2026-01-06
CVE-2025-31044 WordPress Premium SEO Pack <= 3.3.2 - SQL Injection Vulnerability — Premium SEO PackCWE-89 8.5 High2026-01-05
CVE-2025-30633 WordPress Amazon Native Shopping Recommendations Plugin <= 1.3 - SQL Injection Vulnerability — Amazon Native Shopping RecommendationsCWE-89 9.3 Critical2026-01-05
CVE-2025-30628 WordPress Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) plugin <= 1.2 - SQL Injection Vulnerability — Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer)CWE-89 8.5 High2025-12-31
CVE-2025-28973 WordPress Pro Bulk Watermark Plugin for WordPress <= 2.0 - Path Traversal Vulnerability — Pro Bulk Watermark Plugin for WordPressCWE-35 6.5 Medium2025-12-31
CVE-2025-53297 WordPress Woocommerce Envato Affiliates plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability — Woocommerce Envato AffiliatesCWE-79 7.1 High2025-10-22
CVE-2025-4956 WordPress Pro Bulk Watermark Plugin for WordPress Theme <= 2.0 - Path Traversal Vulnerability — Pro Bulk Watermark Plugin for WordPressCWE-35 4.3 Medium2025-08-30
CVE-2025-7401 Premium Age Verification / Restriction for WordPress <= 3.0.2 - Unauthenticated Arbitrary File Read and Write via remote_tunnel.php — Premium Age Verification / Restriction for WordPressCWE-798 9.8 Critical2025-07-11
CVE-2024-33545 WordPress WZone plugin <= 14.0.10 - Unauthenticated Broken Access Control vulnerability — WZoneCWE-862 5.3 Medium2024-06-09
CVE-2024-33547 WordPress WZone plugin <= 14.0.10 - Site Wide Broken Access Control vulnerability — WZoneCWE-862 8.3 High2024-06-09
CVE-2024-33549 WordPress WZone plugin <= 14.0.10 - Privilege Escalation vulnerability — WZoneCWE-269 8.8 High2024-05-17
CVE-2024-33544 WordPress WZone plugin <= 14.0.10 - Unauthenticated SQL Injection vulnerability — WZoneCWE-89 9.3 Critical2024-04-29
CVE-2024-33546 WordPress WZone plugin <= 14.0.10 - Arbitrary SQL Update Execution vulnerability — WZoneCWE-89 9.6 Critical2024-04-29
CVE-2024-33548 WordPress WZone plugin <= 14.0.10 - Reflected Cross Site Scripting (XSS) vulnerability — WZoneCWE-79 7.1 High2024-04-29
CVE-2022-27628 WordPress WZone – Lite Version Plugin <= 3.1 Lite is vulnerable to Cross Site Request Forgery (CSRF) — WZone – Lite VersionCWE-352 4.7 Medium2023-02-06

This page lists every published CVE security advisory associated with aa-team. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.