Browse all 7 CVE security advisories affecting era404. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Era404 develops security testing tools and penetration services, primarily focusing on web application and API security analysis. Historically, their research has commonly identified vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws across various platforms. The security researcher has documented seven CVEs, with notable work including critical findings in widely-used enterprise software. Their research typically emphasizes real-world exploitability rather than theoretical vulnerabilities, often providing detailed proof-of-concept code. While no major public security incidents are directly attributed to era404, their findings have frequently prompted emergency patches from affected vendors, demonstrating significant impact on organizational security postures.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-12185 | StaffList <= 3.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting — StaffList (CWE-79) | 4.4 | Medium | 2025-11-27 |
| CVE-2025-52734 | WordPress CropRefine Plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability — CropRefine (CWE-79) | 7.1 | High | 2025-10-22 |
| CVE-2025-57918 | WordPress LinkedInclude Plugin <= 3.0.4 - Cross Site Request Forgery (CSRF) Vulnerability — LinkedInclude (CWE-352) | 7.1 | High | 2025-09-22 |
| CVE-2025-32255 | WordPress StaffList plugin <= 3.2.7 - Sensitive Data Exposure vulnerability — StaffList (CWE-497) | 5.3 | Medium | 2025-04-04 |
| CVE-2025-32232 | WordPress StaffList plugin <= 3.2.7 - Broken Access Control vulnerability — StaffList (CWE-862) | 4.3 | Medium | 2025-04-04 |
| CVE-2025-23845 | WordPress ImageMeta Plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability — ImageMeta (CWE-79) | 7.1 | High | 2025-02-17 |
| CVE-2024-13749 | StaffList <= 3.2.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting — StaffList (CWE-79) | 6.1 | Medium | 2025-02-12 |
This page lists every published CVE security advisory associated with era404. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.