
emarket-design — Vulnerabilities & Security Advisories 21

Browse all 21 CVE security advisories affecting emarket-design. AI-powered Chinese analysis, POCs, and references for each vulnerability.

emarket-design operates as a provider of e-commerce platform solutions, facilitating online retail operations for businesses. Security assessments have identified twenty-one distinct Common Vulnerabilities and Exposures (CVEs) associated with its software infrastructure. Historically, the most prevalent vulnerability classes include remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These issues often stem from insufficient input validation and inadequate access controls within the application’s core modules. Notable security characteristics reveal a pattern of critical severity ratings, particularly in versions lacking recent patching. While specific major public incidents are not widely documented in open sources, the high volume of CVEs indicates systemic weaknesses in the development lifecycle. Organizations utilizing emarket-design solutions are advised to prioritize immediate patching of identified RCE and XSS vectors to mitigate potential exploitation risks.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-15636 | WordPress YouTube Showcase plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability | YouTube Showcase | CWE-79 | 6.5 | Medium | 2026-04-15 |
| CVE-2025-64248 | WordPress Request a Quote plugin <= 2.5.3 - Broken Access Control vulnerability | Request a Quote | CWE-862 | 4.3 | Medium | 2025-12-16 |
| CVE-2025-13403 | Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.3 - Missing Authorization to Authenticated (Subscriber+) Tracking Opt-In/Opt-Out Modification | Employee Spotlight – Team Member Showcase & Meet the Team Plugin | CWE-862 | 4.3 | Medium | 2025-12-13 |
| CVE-2025-12090 | Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | Employee Spotlight – Team Member Showcase & Meet the Team Plugin | CWE-79 | 6.4 | Medium | 2025-11-01 |
| CVE-2025-60157 | WordPress WP Ticket Customer Service Software & Support Ticket System Plugin <= 6.0.2 - Cross Site Scripting (XSS) Vulnerability | WP Ticket Customer Service Software & Support Ticket System | CWE-79 | 6.5 | Medium | 2025-09-26 |
| CVE-2025-58915 | WordPress Request a Quote plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability | Request a Quote | CWE-79 | 6.5 | Medium | 2025-09-23 |
| CVE-2025-54731 | WordPress YouTube Showcase Plugin <= 3.5.1 - PHP Object Injection Vulnerability | YouTube Showcase | CWE-94 | 8.1 | High | 2025-08-28 |
| CVE-2025-53584 | WordPress WP Ticket Customer Service Software & Support Ticket System Plugin <= 6.0.2 - PHP Object Injection Vulnerability | WP Ticket Customer Service Software & Support Ticket System | CWE-502 | 8.1 | High | 2025-08-28 |
| CVE-2025-53583 | WordPress Employee Spotlight Plugin <= 5.1.1 - PHP Object Injection Vulnerability | Employee Spotlight | CWE-502 | 8.1 | High | 2025-08-28 |
| CVE-2025-53572 | WordPress WP Easy Contact Plugin <= 4.0.1 - PHP Object Injection Vulnerability | WP Easy Contact | CWE-502 | 8.1 | High | 2025-08-28 |
| CVE-2025-53243 | WordPress Employee Directory – Staff Listing & Team Directory plugin for WordPress plugin <= 4.5.5 - PHP Object Injection vulnerability | Employee Directory – Staff Listing & Team Directory Plugin for WordPress | CWE-502 | 8.1 | High | 2025-08-28 |
| CVE-2025-8314 | Software Issue Manager <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter | Project Management, Bug and Issue Tracking Plugin – Software Issue Manager | CWE-79 | 6.4 | Medium | 2025-08-12 |
| CVE-2025-8420 | Multiple Plugins by emarket-design <= Multiple Versions - Unauthenticated Limited Remote Code Execution | Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress | CWE-95 | 8.1 | High | 2025-08-06 |
| CVE-2025-8295 | Employee Directory <= 4.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter | Employee Directory – Staff & Team Directory | CWE-79 | 6.4 | Medium | 2025-08-05 |
| CVE-2025-8313 | Campus Directory <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter | Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress | CWE-79 | 6.4 | Medium | 2025-08-05 |
| CVE-2025-8315 | WP Easy Contact <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter | Simple Contact Form Plugin for WordPress – WP Easy Contact | CWE-79 | 6.4 | Medium | 2025-08-05 |
| CVE-2025-5540 | Event RSVP and Simple Event Management Plugin <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | Event RSVP and Simple Event Management Plugin | CWE-79 | 6.4 | Medium | 2025-06-26 |
| CVE-2025-5539 | Simplify Contact Management: WP Easy Contact <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | Simple Contact Form Plugin for WordPress – WP Easy Contact | CWE-79 | 6.4 | Medium | 2025-06-04 |
| CVE-2025-5532 | Faculty Staff and Student Directory Plugin – Campus Directory <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress | CWE-79 | 6.4 | Medium | 2025-06-04 |
| CVE-2025-5531 | Staff Directory – Employee Directory for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | Employee Directory – Staff & Team Directory | CWE-79 | 6.4 | Medium | 2025-06-04 |
| CVE-2024-3268 | YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress <= 3.3.6 - Missing Authorization to Arbitrary Post/Page Creation | Video Gallery – YouTube Gallery & Responsive Video Playlist | CWE-862 | 5.3 | Medium | 2024-05-21 |

This page lists every published CVE security advisory associated with emarket-design. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.