croixhaug — Vulnerabilities & Security Advisories (16)

Browse all 16 CVE security advisories affecting croixhaug. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Croixhaug serves as a web application framework primarily used for building content management systems and e-commerce platforms. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its 16 recorded CVEs. The framework's modular architecture has introduced security challenges through third-party extensions with insufficient input validation. Notable characteristics include its widespread use in legacy systems that often remain unpatched, creating persistent exposure risks. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in core components and plugins has established croixhaug as a concern for organizations maintaining older implementations requiring careful hardening and regular updates.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-4807 | Appointment Booking Calendar <= 1.6.10.6 - Unauthenticated Arbitrary Appointment View, Modification and Deletion | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | CWE-862 | 6.5 | Medium | 2026-05-07 |
| CVE-2026-3658 | Appointment Booking Calendar <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | CWE-89 | 7.5 | High | 2026-03-19 |
| CVE-2026-3045 | Appointment Booking Calendar <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | CWE-862 | 7.5 | High | 2026-03-13 |
| CVE-2026-1704 | Appointment Booking Calendar <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | CWE-639 | 4.3 | Medium | 2026-03-13 |
| CVE-2026-1708 | Appointment Booking Calendar <= 1.6.9.27 - Unauthenticated SQL Injection via 'append_where_sql' Parameter | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | CWE-89 | 7.5 | High | 2026-03-11 |
| CVE-2025-12166 | Simply Schedule Appointments <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | CWE-89 | 7.5 | High | 2026-01-14 |
| CVE-2025-11723 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | CWE-330 | 6.5 | Medium | 2026-01-06 |
| CVE-2025-13754 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.16 - Missing Authorization to Unauthenticated Sensitive Information Exposure | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | CWE-862 | 5.3 | Medium | 2025-12-19 |
| CVE-2025-4667 | Simply Schedule Appointments <= 1.6.8.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | CWE-79 | 6.4 | Medium | 2025-06-14 |
| CVE-2025-1119 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticated Arbitrary Shortcode Execution | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | CWE-94 | 7.3 | High | 2025-03-13 |
| CVE-2024-13431 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.3 - Reflected Cross-Site Scripting | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | CWE-79 | 6.1 | Medium | 2025-03-07 |
| CVE-2024-4288 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | CWE-79 | 6.4 | Medium | 2024-05-16 |
| CVE-2024-2341 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Subscriber+) SQL Injection | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | CWE-89 | 8.8 | High | 2024-04-09 |
| CVE-2024-2342 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Contributor+) SQL Injection via Shortcode | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | CWE-89 | 8.8 | High | 2024-04-09 |
| CVE-2024-1760 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.6.20 - Cross-Site Request Forgery to Plugin Data Reset | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | CWE-352 | 4.3 | Medium | 2024-03-06 |
| CVE-2023-2764 | Draw Attention <= 2.0.11 - Missing Authorization to Arbitrary Post Featured Image Modification | Interactive Image Map Plugin – Draw Attention | CWE-862 | 4.3 | Medium | 2023-06-09 |

This page lists every published CVE security advisory associated with croixhaug. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.