Browse all 4 CVE security advisories affecting hikashop.com. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Hikashop.com is an e-commerce extension for Joomla that enables online stores with product management, payment processing, and order fulfillment capabilities. Historically, the platform has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, the four recorded CVEs highlight ongoing security concerns, particularly around user authentication and data handling. The extension's complex architecture and frequent updates contribute to potential exposure, requiring administrators to maintain vigilance with timely patching and secure configuration practices to mitigate risks.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-25225 | Extension - hikashop.com - Privilege escalation vulnerability Hikashop component version 1.0.0 - 5.1.3 for Joomla | Hikashop component for Joomla | CWE-284 | 7.2 | - | 2025-03-15 |
| CVE-2025-22210 | Extension - hikashop.com - SQL injection in Hikashop component version 3.3.0 - 5.1.4 for Joomla | Hikashop component for Joomla | CWE-89 | 7.2 | - | 2025-02-25 |
| CVE-2024-40746 | Extension - hikashop.com - Stored cross site scripting vulnerability in Hikashop component for Joomla < 5.1.1 | HikaShop component for Joomla | CWE-79 | 5.4 (AI) | Medium (AI) | 2024-10-21 |
| CVE-2023-38044 | Extension - hikashop.com - SQLi in HikaShop component for Joomla <= 4.7.2 | HikaShop component for Joomla | CWE-89 | 9.8 | - | 2023-08-07 |

This page lists every published CVE security advisory associated with hikashop.com. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.