Browse all 5 CVE security advisories affecting addonify. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Addonify is an e-commerce platform enhancement tool designed to improve online store functionality through various plugins and widgets. Historically, the software has been associated with multiple remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, often stemming from insufficient input validation and improper sanitization of user-supplied data. Privilege escalation issues have also been documented in certain versions. The five recorded CVEs highlight recurring security concerns, particularly in how the platform handles third-party integrations and user-generated content. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests a need for rigorous security testing and prompt patch management by users implementing Addonify solutions.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-68024 | WordPress Addonify – WooCommerce Wishlist plugin <= 2.0.15 - Settings Change vulnerability | Addonify – WooCommerce Wishlist | CWE-862 | 6.5 | Medium | 2026-02-20 |
| CVE-2025-68025 | WordPress Addonify Floating Cart For WooCommerce plugin <= 1.2.17 - Broken Access Control vulnerability | Addonify Floating Cart For WooCommerce | CWE-862 | 6.5 | Medium | 2026-02-20 |
| CVE-2025-68023 | WordPress Addonify – Compare Products For WooCommerce plugin <= 1.1.17 - Settings Change vulnerability | Addonify – Compare Products For WooCommerce | CWE-862 | 6.5 | Medium | 2026-02-20 |
| CVE-2025-68578 | WordPress Addonify plugin <= 2.0.4 - Broken Access Control vulnerability | Addonify | CWE-862 | 5.3 | Medium | 2025-12-24 |
| CVE-2024-6560 | Addonify – Quick View For WooCommerce <= 1.2.16 - Unauthenticated Full Path Disclosure | Addonify – Quick View For WooCommerce | CWE-200 | 5.3 | Medium | 2024-07-20 |

This page lists every published CVE security advisory associated with addonify. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.