Browse all 3 CVE security advisories affecting bnielsen. AI-powered Chinese analysis, POCs, and references for each vulnerability.
bnielsen develops software components primarily used in web applications and content management systems. Their products have historically been associated with remote code execution, cross-site scripting, and privilege escalation vulnerabilities. Security researchers have identified multiple authentication bypass flaws in their frameworks, with three CVEs documenting these weaknesses. Their codebase often contains insufficient input validation mechanisms, leading to injection vulnerabilities. While no major public security incidents have been directly attributed to bnielsen, their components have been exploited in supply chain attacks against third-party systems. Their documentation has been criticized for inadequate security guidance, contributing to improper implementation by developers.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-8317 | Custom Word Cloud <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via angle Parameter — Custom Word CloudCWE-79 | 6.4 | Medium | 2025-08-02 |
| CVE-2025-25103 | WordPress Indeed API Plugin <= 0.5 - CSRF to Settings Change vulnerability — Indeed APICWE-352 | 4.3 | Medium | 2025-02-07 |
| CVE-2025-22552 | WordPress Affiliate Disclosure Statement plugin <= 0.3 - CSRF to Stored XSS vulnerability — Affiliate Disclosure StatementCWE-352 | 7.1 | High | 2025-01-07 |
This page lists every published CVE security advisory associated with bnielsen. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.