Browse all 3 CVE security advisories affecting burgersoftware. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Burgersoftware develops web-based project management tools used by small to medium businesses. Historically, the application has been vulnerable to multiple remote code execution flaws, cross-site scripting attacks, and privilege escalation vulnerabilities, with three CVEs currently documented. Security researchers have identified consistent input validation weaknesses in its API endpoints and insufficient access controls in administrative functions. While no major public security incidents have been reported, the pattern of vulnerabilities suggests ongoing challenges in secure coding practices, particularly regarding user input sanitization and session management. The company has not published detailed security advisories for historical vulnerabilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-26740 | WordPress SpaBiz plugin <= 1.0.18 - Cross Site Scripting (XSS) vulnerability — SpaBiz (CWE-79) | 6.5 | Medium | 2025-04-15 |
| CVE-2025-26732 | WordPress StoreBiz plugin <= 1.0.32 - Cross Site Scripting (XSS) vulnerability — StoreBiz (CWE-79) | 6.5 | Medium | 2025-03-27 |
| CVE-2024-1872 | Button <= 1.1.27 - Authenticated (Contributor+) PHP Object Injection in button_shortcode — Button (CWE-502) | 8.8 | High | 2024-03-29 |
This page lists every published CVE security advisory associated with burgersoftware. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.