Browse all 5 CVE security advisories affecting alexacrm. AI-powered Chinese analysis, POCs, and references for each vulnerability.
AlexaCRM serves as a customer relationship management platform designed to streamline sales, marketing, and customer service operations. Historically, the system has been susceptible to multiple vulnerability classes, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, with five CVEs documented to date. Security researchers have identified authentication bypass flaws and insufficient input validation as recurring issues. While no major public security incidents have been widely reported, the accumulation of CVEs indicates persistent security challenges that require ongoing attention from administrators implementing the platform.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-12583 | Dynamics 365 Integration <= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection — Dynamics 365 IntegrationCWE-1336 | 9.9 | Critical | 2025-01-04 |
| CVE-2023-28417 | WordPress Dynamics 365 Integration plugin <= 1.3.12 - Broken Access Control vulnerability — Dynamics 365 IntegrationCWE-862 | 5.4 | Medium | 2024-12-09 |
| CVE-2023-29422 | WordPress Dynamics 365 Integration plugin <= 1.3.13 - Broken Access Control vulnerability — Dynamics 365 IntegrationCWE-862 | 4.3 | Medium | 2024-12-09 |
| CVE-2024-34550 | WordPress Dynamics 365 Integration plugin <= 1.3.17 - Sensitive Data Exposure vulnerability — Dynamics 365 IntegrationCWE-532 | 5.3 | Medium | 2024-05-09 |
This page lists every published CVE security advisory associated with alexacrm. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.