Browse all 4 CVE security advisories affecting arisoft. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Arisoft develops enterprise software solutions with a core focus on business process automation and customer relationship management systems. Historically, their products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and insecure authentication mechanisms. While no major public security incidents have been widely documented, the four CVEs associated with their products highlight consistent weaknesses in access controls and data handling. Their security posture appears typical for mid-sized software vendors, with vulnerabilities primarily centered on web application interfaces and API endpoints, requiring ongoing attention to secure coding practices and timely patch management.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-58784 | WordPress ARI Fancy Lightbox Plugin <= 1.4.0 - Cross Site Scripting (XSS) Vulnerability — ARI Fancy Lightbox (CWE-79) | 6.5 | Medium | 2025-09-05 |
| CVE-2025-48345 | WordPress Contact Form 7 Editor Button plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability — Contact Form 7 Editor Button (CWE-79) | 7.1 | High | 2025-07-16 |
| CVE-2019-25215 | ARI-Adminer <= 1.1.14 - Missing Authorization and No Direct File Access Restrictions — ARI Adminer – WordPress Database Manager (CWE-862) | 7.3 | High | 2024-10-16 |
| CVE-2024-47310 | WordPress ARI Fancy Lightbox -- Popup for WordPress plugin <= 1.3.17 - Cross Site Scripting (XSS) vulnerability — ARI Fancy Lightbox (CWE-79) | 6.5 | Medium | 2024-10-06 |
This page lists every published CVE security advisory associated with arisoft. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.