
ghozylab — Vulnerabilities & Security Advisories (11)

Browse all 11 CVE security advisories affecting ghozylab. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Ghozylab develops security testing tools with a core focus on identifying web application vulnerabilities. Historically, their products have frequently been associated with Remote Code Execution (RCE) and Cross-Site Scripting (XSS) vulnerabilities, often stemming from improper input validation and insecure deserialization. The organization has demonstrated a pattern of privilege escalation flaws in their software. While no major public security incidents have been widely documented, the accumulation of 11 CVEs suggests consistent security challenges in their codebase, particularly around memory corruption and access control mechanisms.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-14446 | Popup Builder <= 1.1.37 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Reset | Easy Notify Lite | CWE-862 | 5.4 | Medium | 2025-12-13 |
| CVE-2025-57966 | WordPress Gallery Lightbox plugin <= 1.0.0.41 - Cross Site Scripting (XSS) vulnerability | Gallery Lightbox | CWE-79 | 6.5 | Medium | 2025-09-22 |
| CVE-2025-46230 | WordPress Popup Builder plugin <= 1.1.35 - Local File Inclusion Vulnerability | Popup Builder | CWE-98 | 7.5 | High | 2025-04-24 |
| CVE-2025-31586 | WordPress Gallery – Photo Albums Plugin plugin <= 1.3.170 - Stored Cross Site Scripting (XSS) vulnerability | Gallery – Photo Albums Plugin | CWE-79 | 6.5 | Medium | 2025-03-31 |
| CVE-2025-26742 | WordPress Gallery for Social Photo plugin <= 1.0.0.35 - Cross Site Scripting (XSS) vulnerability | Gallery for Social Photo | CWE-79 | 6.5 | Medium | 2025-03-25 |
| CVE-2025-26962 | WordPress Contact Form Plugin plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability | Easy Contact Form Lite | CWE-79 | 6.5 | Medium | 2025-02-25 |
| CVE-2025-26882 | WordPress Popup Builder plugin <= 1.1.33 - Cross Site Scripting (XSS) vulnerability | Popup Builder | CWE-79 | 6.5 | Medium | 2025-02-25 |
| CVE-2024-47623 | WordPress Gallery Lightbox plugin <= 1.0.0.39 - Cross Site Scripting (XSS) vulnerability | Gallery Lightbox | CWE-79 | 5.9 | Medium | 2024-10-05 |
| CVE-2024-32707 | WordPress Image Slider plugin <= 1.1.125 - Cross Site Scripting (XSS) vulnerability | Image Slider Widget | CWE-79 | 5.9 | Medium | 2024-04-24 |
| CVE-2022-2224 | Gallery for Social Photo <= 1.0.0.27 - Cross-Site Request Forgery to Post Duplication | Gallery for Social Photo | CWE-352 | 5.4 | Medium | 2022-07-18 |
| CVE-2022-2223 | Image Slider <= 1.1.121 - Cross-Site Request Forgery to Post Duplication | Image Slider | CWE-352 | 5.4 | Medium | 2022-07-18 |

This page lists every published CVE security advisory associated with ghozylab. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.