Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

cifi — Vulnerabilities & Security Advisories 7

Browse all 7 CVE security advisories affecting cifi. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Cifi primarily serves as a cloud infrastructure management platform, enabling organizations to deploy and oversee cloud resources. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its seven recorded CVEs. The platform's security posture has been characterized by insufficient input validation and inadequate access controls in previous versions. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in its core functionality suggests potential risks for organizations relying on the platform without implementing additional security measures.

Top products by cifi: SEO Plugin by Squirrly SEO Starbox – the Author Box for Humans
CVE IDTitleCVSSSeverityPublished
CVE-2025-14342 SEO Plugin by Squirrly SEO <= 12.4.14 - Missing Authorization to Authenticated (Subscriber+) Cloud Service Disconnection — SEO Plugin by Squirrly SEOCWE-862 4.3 Medium2026-02-19
CVE-2025-1768 SEO Plugin by Squirrly SEO <= 12.4.05 - Authenticated (Subscriber+) SQL Injection via search Parameter — SEO Plugin by Squirrly SEOCWE-89 6.5 Medium2025-03-07
CVE-2024-6497 SEO Plugin by Squirrly SEO <= 12.3.19 - Authenticated (Contributor+) SQL Injection via url Parameter — SEO Plugin by Squirrly SEOCWE-89 8.8 High2024-07-20
CVE-2023-6806 Starbox <= 3.4.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Job Settings — Starbox – the Author Box for HumansCWE-79 6.4 Medium2024-02-20
CVE-2024-0256 Starbox <= 3.4.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Display Name and Social Settings — Starbox – the Author Box for HumansCWE-79 6.4 Medium2024-02-07
CVE-2024-0366 Starbox – the Author Box for Humans <= 3.4.7 - Insecure Direct Object Reference — Starbox – the Author Box for HumansCWE-284 4.3 Medium2024-02-05
CVE-2024-0597 SEO Plugin by Squirrly SEO <= 12.3.15 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings — SEO Plugin by Squirrly SEOCWE-79 4.4 Medium2024-02-05

This page lists every published CVE security advisory associated with cifi. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.