Browse all 3 CVE security advisories affecting addonsorg. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Addonsorg develops browser extensions that enhance functionality across platforms, with a core use case of extending user experiences through third-party integrations. Historically, the organization's products have been susceptible to cross-site scripting (XSS) and remote code execution (RCE) vulnerabilities, often stemming from improper input validation and insufficient sandboxing. Security assessments reveal that privilege escalation risks frequently occur due to overly permissive permissions during installation. While no major public incidents have been documented, the three CVEs associated with Addonsorg highlight recurring issues in secure coding practices, particularly in how extensions handle external data and interact with browser APIs.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-5364 | Drag and Drop File Upload for Contact Form 7 <= 1.1.3 - Unauthenticated Arbitrary File Upload via sanitize_file_name Bypass | Drag and Drop File Upload for Contact Form 7 | CWE-434 | 8.1 | High | 2026-04-24 |
| CVE-2025-14074 | PDF for Contact Form 7 + Drag and Drop Template Builder <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication | PDF for Contact Form 7 + Drag and Drop Template Builder | CWE-862 | 4.3 | Medium | 2025-12-12 |
| CVE-2024-12593 | PDF for WPForms + Drag and Drop Template Builder <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yeepdf_dotab Shortcode | PDF for WPForms + Drag and Drop Template Builder | CWE-79 | 6.4 | Medium | 2025-01-15 |
This page lists every published CVE security advisory associated with addonsorg. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.