Browse all 4 CVE security advisories affecting anmari. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Anmari develops e-commerce platforms with a focus on small to medium businesses. Historically, vulnerabilities have included stored cross-site scripting (XSS), remote code execution (RCE), and authentication bypass flaws. The platform has faced multiple security incidents, including a 2022 breach exposing customer data due to an unpatched RCE vulnerability. Anmari's security posture has been inconsistent, with delayed patch responses and insufficient input validation in several components. The four CVEs recorded highlight recurring issues in access control and sanitization, suggesting systemic security challenges in their development lifecycle.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-68848 | WordPress amr cron manager plugin <= 2.3 - Reflecte dCross Site Scripting (XSS) vulnerability — amr cron managerCWE-79 | 7.1 | High | 2026-02-20 |
| CVE-2025-23880 | WordPress amr personalise plugin <= 2.10 - CSRF to Stored XSS vulnerability — amr personaliseCWE-352 | 7.1 | High | 2025-01-16 |
| CVE-2024-52464 | WordPress amr shortcodes plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability — amr shortcodesCWE-79 | 7.1 | High | 2024-12-02 |
| CVE-2022-45348 | WordPress amr users Plugin <= 4.59.4 is vulnerable to CSV Injection — amr usersCWE-1236 | 5.8 | Medium | 2023-11-07 |
This page lists every published CVE security advisory associated with anmari. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.