alimir — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting alimir. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Alimir is primarily used for web application development and content management, serving as a lightweight PHP framework. Historically, it has been susceptible to remote code execution, cross-site scripting (XSS), and privilege escalation vulnerabilities, often stemming from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, its CVE history reveals consistent patterns of insecure coding practices. The framework's minimalistic approach, while appealing for simplicity, has resulted in several authentication bypass flaws and insecure default configurations that could lead to complete system compromise if not properly addressed during implementation.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2358 | WP ULike <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute — WP ULike – Like & Dislike Buttons for Engagement and Feedback (CWE-79) | 6.4 | Medium | 2026-03-11 |
| CVE-2026-0909 | WP ULike <= 4.8.3.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Log Deletion via 'id' Parameter — WP ULike – Like & Dislike Buttons for Engagement and Feedback (CWE-639) | 5.3 | Medium | 2026-02-03 |
| CVE-2025-32259 | WordPress WP ULike plugin <= 4.7.9.1 - Content Spoofing Vulnerability — WP ULike (CWE-862) | 5.3 | Medium | 2025-04-10 |
| CVE-2025-22738 | WordPress WP ULike plugin <= 4.7.6 - Cross Site Scripting (XSS) vulnerability — WP ULike (CWE-79) | 5.9 | Medium | 2025-01-15 |
| CVE-2024-9649 | WP ULike <= 4.7.4 - Cross-Site Request Forgery to Statistic Deletion — WP ULike – Like & Dislike Buttons for Engagement and Feedback (CWE-352) | 4.3 | Medium | 2024-10-16 |
| CVE-2024-1759 | WP ULike <= 4.6.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting — WP ULike – Like & Dislike Buttons for Engagement and Feedback (CWE-79) | 6.4 | Medium | 2024-05-02 |
| CVE-2024-1797 | WP ULike – Most Advanced WordPress Marketing Toolkit <= 4.6.9 - Authenticated (Contributor+) SQL Injection via Shortcodes — WP ULike – Like & Dislike Buttons for Engagement and Feedback (CWE-89) | 8.8 | High | 2024-05-02 |
| CVE-2024-1572 | WP ULike <= 4.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — WP ULike – Like & Dislike Buttons for Engagement and Feedback (CWE-79) | 6.4 | Medium | 2024-05-02 |

This page lists every published CVE security advisory associated with alimir. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.