kaizencoders — Vulnerabilities & Security Advisories (15)

Browse all 15 CVE security advisories affecting kaizencoders. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Kaizencoders develops WordPress and WooCommerce plugins for e-commerce and website functionality, with 15 CVEs recorded primarily involving RCE, XSS, and privilege escalation vulnerabilities. Their plugins often contain insufficient input validation and improper access controls, leading to authenticated and unauthenticated exploits. Notable incidents include multiple critical flaws allowing complete site compromise through file uploads and nonce bypasses. Security researchers have consistently identified similar patterns across their products, indicating systemic issues in secure coding practices. Their plugins remain attractive targets due to widespread installation in vulnerable e-commerce environments.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25392 | WordPress Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress plugin <= 1.4.0 - Open Redirection vulnerability — Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress (CWE-601) | 4.7 | Medium | 2026-02-19 |
| CVE-2026-25385 | WordPress URL Shortify plugin <= 1.12.3 - Server Side Request Forgery (SSRF) vulnerability — URL Shortify (CWE-918) | 5.5 | Medium | 2026-02-19 |
| CVE-2026-1277 | URL Shortify <= 1.12.1 - Unauthenticated Open Redirect via 'redirect_to' Parameter — URL Shortify – Simple and Easy URL Shortener (CWE-601) | 4.7 | Medium | 2026-02-18 |
| CVE-2025-12581 | Attachments Handler <= 1.1.7 - Reflected Cross-Site Scripting — Attachments Handler (CWE-79) | 6.1 | Medium | 2025-12-20 |
| CVE-2025-58860 | WordPress Enable Latex Plugin <= 1.2.16 - Cross Site Request Forgery (CSRF) Vulnerability — Enable Latex (CWE-352) | 7.1 | High | 2025-09-05 |
| CVE-2025-58857 | WordPress Table of content Plugin <= 1.5.3.1 - Cross Site Request Forgery (CSRF) Vulnerability — Table of content (CWE-79) | 7.1 | High | 2025-09-05 |
| CVE-2025-32632 | WordPress Automatic Ban IP Plugin <= 1.0.7 - Reflected Cross Site Scripting (XSS) vulnerability — Automatic Ban IP (CWE-79) | 7.1 | High | 2025-04-11 |
| CVE-2025-32134 | WordPress URL Shortify Plugin <= 1.10.5.1 - Cross Site Scripting (XSS) vulnerability — URL Shortify (CWE-79) | 5.9 | Medium | 2025-04-04 |
| CVE-2023-47225 | WordPress Short URL plugin <= 1.6.8 - Broken Access Control vulnerability — Short URL (CWE-862) | 5.4 | Medium | 2025-01-02 |
| CVE-2023-1604 | Short URL <= 1.6.8 - Cross-Site Request Forgery via configuration_page — Short URL (CWE-352) | 4.7 | Medium | 2024-08-17 |
| CVE-2024-7485 | Traffic Manager <= 1.4.5 - Unauthenticated Stored Cross-Site Scripting — Traffic Manager (CWE-79) | 7.2 | High | 2024-08-06 |
| CVE-2024-32138 | WordPress Short URL plugin <= 1.6.8 - Cross Site Scripting (XSS) vulnerability — Short URL (CWE-79) | 7.1 | High | 2024-04-15 |
| CVE-2022-46860 | WordPress Short URL Plugin <= 1.6.4 is vulnerable to SQL Injection — Short URL (CWE-89) | 8.5 | High | 2023-11-06 |
| CVE-2023-45058 | WordPress Short URL Plugin <= 1.6.8 is vulnerable to Cross Site Request Forgery (CSRF) — Short URL (CWE-352) | 4.3 | Medium | 2023-10-12 |
| CVE-2023-1602 | WordPress plugin Short URL cross-site scripting vulnerability — Short URL | 4.4 | Medium | 2023-06-29 |

This page lists every published CVE security advisory associated with kaizencoders. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.