Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

hogash — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting hogash. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Hogash develops web applications and themes primarily for e-commerce and content management platforms. Historically, their products have been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS), and privilege escalation flaws, with nine CVEs documented to date. These issues often stem from insufficient input validation and improper access controls. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in their software suggests a need for improved security practices in their development lifecycle.

Top products by hogash: KALLYAS KALLYAS - Creative eCommerce Multi-Purpose WordPress Theme
CVE IDTitleCVSSSeverityPublished
CVE-2025-63061 WordPress KALLYAS theme < 4.25.0 - Cross Site Scripting (XSS) vulnerability — KALLYASCWE-79 6.5 Medium2025-12-09
CVE-2025-63060 WordPress KALLYAS theme < 4.25.0 - Cross Site Request Forgery (CSRF) vulnerability — KALLYASCWE-352 4.3 Medium2025-12-09
CVE-2025-62018 WordPress Kallyas theme <= 4.22.0 - Broken Access Control vulnerability — KALLYASCWE-862 5.3 Medium2025-11-06
CVE-2025-62016 WordPress Kallyas theme <= 4.22.0 - Arbitrary File Upload vulnerability — KALLYASCWE-434 9.9 Critical2025-11-06
CVE-2025-62017 WordPress Kallyas theme <= 4.22.0 - Broken Access Control vulnerability — KALLYASCWE-862 5.4 Medium2025-11-06
CVE-2025-6988 Kallyas <= 4.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — KALLYAS - Creative eCommerce Multi-Purpose WordPress ThemeCWE-79 6.4 Medium2025-11-01
CVE-2025-6990 Kallyas <= 4.24.0 - Authenticated (Contributor+) Remote Code Execution — KALLYAS - Creative eCommerce Multi-Purpose WordPress ThemeCWE-94 8.8 High2025-11-01
CVE-2025-6991 Kallyas <= 4.21.0 - Authenticated (Contributor+) Local File Inclusion — KALLYAS - Creative eCommerce Multi-Purpose WordPress ThemeCWE-98 7.5 High2025-07-26
CVE-2025-6989 Kallyas <= 4.21.0 - Authenticated (Contributor+) Arbitrary Folder Deletion — KALLYAS - Creative eCommerce Multi-Purpose WordPress ThemeCWE-22 8.1 High2025-07-26

This page lists every published CVE security advisory associated with hogash. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.