Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

carazo — Vulnerabilities & Security Advisories 7

Browse all 7 CVE security advisories affecting carazo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Carazo is a software component primarily used in web application development frameworks. Historically, it has been associated with multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues across its CVE history. The component's security posture has been marked by insufficient input validation and improper access control mechanisms. While no major public security incidents have been widely documented, the accumulation of seven CVEs suggests consistent security challenges in handling user-supplied data and maintaining proper privilege boundaries. Developers implementing Carazo should prioritize applying security patches and implementing additional input sanitization beyond the component's native protections.

Top products by carazo: Import and export users and customers
CVE IDTitleCVSSSeverityPublished
CVE-2026-7641 Import and export users and customers <= 2.0.8 - Authenticated (Subscriber+) Privilege Escalation via Multisite Capability Meta Fields — Import and export users and customersCWE-269 8.8 High2026-05-02
CVE-2026-3629 Import and export users and customers <= 1.29.7 - Privilege Escalation to Administrator via save_extra_user_profile_fields — Import and export users and customersCWE-269 8.1 High2026-03-21
CVE-2024-4656 Import and export users and customers <= 1.26.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting — Import and export users and customersCWE-79 4.4 Medium2024-05-15
CVE-2024-4734 Import and export users and customers <= 1.26.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting — Import and export users and customersCWE-79 4.4 Medium2024-05-15
CVE-2024-1050 Import and export users and customers <= 1.26.5 - Missing Authorization — Import and export users and customersCWE-862 4.3 Medium2024-05-04
CVE-2023-6583 Import and export users and customers <= 1.24.2 - Authenticated(Administrator+) Directory Traversal via Recurring Import Functionality — Import and export users and customersCWE-98 6.6 Medium2024-01-11
CVE-2023-6624 Import and export users and customers <= 1.24.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode — Import and export users and customersCWE-79 4.9 Medium2024-01-11

This page lists every published CVE security advisory associated with carazo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.