Browse all 4 CVE security advisories affecting epiphyt. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Epiphyt develops enterprise software for supply chain management and logistics operations, with its core use case facilitating automated inventory tracking and vendor coordination. Historically, the product has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its four recorded CVEs. Security researchers have identified authentication bypass weaknesses and insufficient input validation in web interfaces, though no major public security incidents have been documented. The application's complex integration with third-party systems and extensive API surface contribute to its attack potential, requiring organizations to implement strict network segmentation and timely patching to mitigate risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-54693 | WordPress Form Block Plugin <= 1.5.5 - Arbitrary File Upload Vulnerability — Form Block (CWE-434) | 9.0 | Critical | 2025-08-14 |
| CVE-2023-51694 | WordPress Embed Privacy Plugin <= 1.8.0 is vulnerable to Cross Site Scripting (XSS) — Embed Privacy (CWE-79) | 6.5 | Medium | 2024-02-01 |
| CVE-2023-48300 | Embed Privacy missing escaping for show_all attribute in opt-out shortcode — embed-privacy (CWE-79) | 6.3 | Medium | 2023-11-20 |
| CVE-2023-30616 | Cross Site Request Forgery due to missing nonce verification in form block — form-block (CWE-352) | 6.5 | Medium | 2023-04-20 |
This page lists every published CVE security advisory associated with epiphyt. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.