Browse all 6 CVE security advisories affecting dotonpaper. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Dotonpaper is a document management system primarily used for creating, editing, and sharing digital documents. Historically, it has been vulnerable to multiple remote code execution flaws, cross-site scripting attacks, and privilege escalation issues, as evidenced by its six recorded CVEs. The platform's security posture has been characterized by insufficient input validation and improper access controls, leading to several critical vulnerabilities that allowed unauthorized system access and data manipulation. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in its core functionality suggests ongoing challenges in secure development practices.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39678 | WordPress Pinpoint Booking System plugin <= 2.9.9.6.5 - Broken Access Control vulnerability — Pinpoint Booking SystemCWE-862 | 5.3 | Medium | 2026-04-08 |
| CVE-2024-54252 | WordPress Pinpoint Booking System Plugin <= 2.9.9.5.7 - Broken Access Control vulnerability — Pinpoint Booking SystemCWE-862 | 6.3 | Medium | 2024-12-13 |
| CVE-2024-53815 | WordPress Pinpoint Booking System plugin <= 2.9.9.5.2 - SQL Injection vulnerability — Pinpoint Booking SystemCWE-89 | 8.5 | High | 2024-12-06 |
| CVE-2024-49304 | WordPress Pinpoint Booking System plugin <= 2.9.9.5.7 - CSRF to Stored Cross Site Scripting (XSS) vulnerability — Pinpoint Booking SystemCWE-352 | 5.4 | Medium | 2024-10-17 |
This page lists every published CVE security advisory associated with dotonpaper. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.