
codesavory — Vulnerabilities & Security Advisories (3)

Browse all 3 CVE security advisories affecting codesavory. AI-powered Chinese analysis, POCs, and references for each vulnerability.

codeSavory develops web application security testing tools, focusing on identifying vulnerabilities in custom code. Historically, their products have commonly detected remote code execution, cross-site scripting, and privilege escalation flaws. The platform emphasizes automated scanning with customizable policies, though it has shown limitations in detecting complex business logic vulnerabilities. While no major public security incidents have been reported, the three CVEs associated with the tool itself relate to improper input validation and insufficient access controls in its configuration interface. These findings suggest room for improvement in securing the platform's own management features despite its effectiveness in identifying common web application weaknesses.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-10664 | Knowledge Base documentation & wiki plugin – BasePress Docs <= 2.16.3.3 - Missing Authorization to Authenticated (Subscriber+) Database Update — Knowledge Base documentation & wiki plugin – BasePress Docs (CWE-862) | 4.3 | Medium | 2024-12-04 |
| CVE-2024-33588 | WordPress basepress plugin <= 2.16.1 - Broken Access Control vulnerability — Knowledge Base documentation & wiki plugin – BasePress (CWE-862) | 5.4 | Medium | 2024-04-29 |
| CVE-2024-33590 | WordPress basepress plugin <= 2.16.1 - Server Side Request Forgery (SSRF) vulnerability — Knowledge Base documentation & wiki plugin – BasePress (CWE-918) | 5.0 | Medium | 2024-04-29 |

This page lists every published CVE security advisory associated with codesavory. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.