
iqonicdesign — Vulnerabilities & Security Advisories (25)

Browse all 25 CVE security advisories affecting iqonicdesign. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Iqonicdesign operates primarily as a provider of WordPress themes and plugins, targeting web developers and designers seeking pre-built digital assets. This ecosystem has historically been associated with a significant volume of security flaws, currently totaling 25 recorded Common Vulnerabilities and Exposures (CVEs). The most prevalent vulnerability classes include Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE), often stemming from insufficient input validation and inadequate sanitization of user-supplied data. Additionally, issues related to broken access control and privilege escalation have been documented, allowing unauthorized users to manipulate site functionalities or access sensitive administrative features. These deficiencies highlight systemic weaknesses in the codebase’s security architecture, particularly regarding how the software handles dynamic content and user interactions. The high number of CVEs suggests a pattern of recurring security oversights rather than isolated incidents, indicating a need for rigorous code auditing and stricter adherence to secure coding standards to mitigate risks for end-users relying on these components.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-25414 | WordPress WPBookit Pro plugin <= 1.6.18 - Privilege Escalation vulnerability | WPBookit Pro | CWE-266 | 8.8 | High | 2026-03-25 |
| CVE-2026-25413 | WordPress WPBookit Pro plugin <= 1.6.18 - Arbitrary File Upload vulnerability | WPBookit Pro | CWE-434 | 9.9 | Critical | 2026-03-25 |
| CVE-2026-2992 | KiviCare <= 4.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via Setup Wizard | KiviCare – Clinic & Patient Management System (EHR) | CWE-862 | 8.2 | High | 2026-03-18 |
| CVE-2026-2991 | KiviCare – Clinic & Patient Management System (EHR) <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token | KiviCare – Clinic & Patient Management System (EHR) | CWE-287 | 7.3 | High | 2026-03-18 |
| CVE-2026-1980 | WPBookit <= 1.0.8 - Missing Authorization to Unauthenticated Sensitive Customer Data Exposure | WPBookit | CWE-200 | 5.3 | Medium | 2026-03-04 |
| CVE-2026-1945 | WPBookit <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via 'wpb_user_name' and 'wpb_user_email' Parameters | WPBookit | CWE-79 | 7.2 | High | 2026-03-04 |
| CVE-2026-25415 | WordPress WPBookit Pro plugin <= 1.6.18 - Broken Access Control vulnerability | WPBookit Pro | CWE-862 | 5.3 | Medium | 2026-02-19 |
| CVE-2026-0927 | KiviCare – Clinic & Patient Management System (EHR) <= 3.6.15 - Missing Authorization to Unauthenticated Limited Arbitrary File Upload | KiviCare – Clinic & Patient Management System (EHR) | CWE-862 | 5.3 | Medium | 2026-01-23 |
| CVE-2025-12135 | WPBookit <= 1.0.6 - Unauthenticated Stored Cross-Site Scripting | WPBookit | CWE-79 | 7.2 | High | 2025-11-21 |
| CVE-2025-11820 | Graphina – Elementor Charts and Graphs <= 3.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Widgets | Graphina – Charts and Graphs For Elementor | CWE-79 | 6.4 | Medium | 2025-11-05 |
| CVE-2025-8867 | Graphina - Elementor Charts and Graphs <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | Graphina – Charts and Graphs For Elementor | CWE-79 | 6.4 | Medium | 2025-08-15 |
| CVE-2025-7852 | WPBookit <= 1.0.6 - Unauthenticated Arbitrary File Upload via image_upload_handle Function | WPBookit | CWE-434 | 9.8 | Critical | 2025-07-24 |
| CVE-2025-6057 | WPBookit <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Upload | WPBookit | CWE-434 | 8.8 | High | 2025-07-12 |
| CVE-2025-6058 | WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload | WPBookit | CWE-434 | 9.8 | Critical | 2025-07-12 |
| CVE-2025-3810 | WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover | WPBookit | CWE-639 | 9.8 | Critical | 2025-05-09 |
| CVE-2025-3811 | WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update | WPBookit | CWE-639 | 9.8 | Critical | 2025-05-09 |
| CVE-2025-2519 | Streamit <= 4.0.1 - Authenticated (Subscriber+) Arbitrary File Download | Streamit | CWE-22 | 6.5 | Medium | 2025-04-08 |
| CVE-2025-2525 | Streamit <= 4.0.1 - Authenticated (Subscriber+) Arbitrary File Upload | Streamit | CWE-434 | 8.8 | High | 2025-04-08 |
| CVE-2025-2526 | Streamit <= 4.0.2 - Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover | Streamit | CWE-639 | 8.8 | High | 2025-04-08 |
| CVE-2025-1572 | KiviCare – Clinic & Patient Management System (EHR) <= 3.6.7 - Authenticated (Doctor+) SQL Injection via 'u_id' Parameter | KiviCare – Clinic & Patient Management System (EHR) | CWE-89 | 6.5 | Medium | 2025-02-28 |
| CVE-2024-13529 | SocialV - Social Network and Community BuddyPress Theme <= 2.0.15 - Missing Authorization to Arbitrary File Download | SocialV - Social Network and Community BuddyPress Theme | CWE-862 | 6.5 | Medium | 2025-02-04 |
| CVE-2024-11729 | KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Authenticated (Subscriber+) SQL Injection | KiviCare – Clinic & Patient Management System (EHR) | CWE-89 | 6.5 | Medium | 2024-12-06 |
| CVE-2024-11730 | KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Authenticated (Doctor/Receptionist+) SQL Injection | KiviCare – Clinic & Patient Management System (EHR) | CWE-89 | 6.5 | Medium | 2024-12-06 |
| CVE-2024-11728 | KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Unauthenticated SQL Injection | KiviCare – Clinic & Patient Management System (EHR) | CWE-89 | 7.5 | High | 2024-12-06 |
| CVE-2024-4574 | Graphina – Elementor Charts and Graphs <= 1.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | Graphina – Charts and Graphs For Elementor | CWE-79 | 6.4 | Medium | 2024-05-10 |

This page lists every published CVE security advisory associated with iqonicdesign. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.