kodezen — Vulnerabilities & Security Advisories 7

Browse all 7 CVE security advisories affecting kodezen. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Kodezen develops web application frameworks primarily used for building enterprise solutions, with its products enabling rapid development of business applications. Historically, the framework has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its seven recorded CVEs. Security researchers have identified consistent input validation weaknesses and insecure default configurations in its components. While no major public security incidents have been documented, the accumulation of CVEs suggests ongoing challenges in secure coding practices, particularly regarding sanitization of user-supplied data and access control mechanisms.

Top products by kodezen: Academy LMS – WordPress LMS Plugin for Complete eLearning Solution aBlocks – Gutenberg Blocks, User Dashboard Builder, Popup Builder, Form Builder & Animation Builder StoreEngine — Complete eCommerce Solution with Memberships, Licensing, Affiliates & More

CVEs 7

CVE ID	Title	CVSS	Severity	Published
CVE-2025-15521	Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.5.0 - Unauthenticated Privilege Escalation via Account Takeover — Academy LMS – WordPress LMS Plugin for Complete eLearning SolutionCWE-639	9.8	Critical	2026-01-21
CVE-2025-12449	aBlocks – WordPress Gutenberg Blocks <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification — aBlocks – Gutenberg Blocks, User Dashboard Builder, Popup Builder, Form Builder & Animation BuilderCWE-862	5.4	Medium	2026-01-07
CVE-2025-12099	Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.3.8 - Authenticated (Administrator+) PHP Object Injection via 'import_all_courses' — Academy LMS – WordPress LMS Plugin for Complete eLearning SolutionCWE-502	7.2	High	2025-11-08
CVE-2025-9216	StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload — StoreEngine — Complete eCommerce Solution with Memberships, Licensing, Affiliates & MoreCWE-434	8.8	High	2025-09-17
CVE-2025-9215	StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Download — StoreEngine — Complete eCommerce Solution with Memberships, Licensing, Affiliates & MoreCWE-22	6.5	Medium	2025-09-17
CVE-2024-13465	aBlocks – WordPress Gutenberg Blocks <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — aBlocks – Gutenberg Blocks, User Dashboard Builder, Popup Builder, Form Builder & Animation BuilderCWE-79	6.4	Medium	2025-02-18
CVE-2024-1505	Academy LMS – eLearning and online course solution for WordPress <= 1.9.19 - Authenticated (Subscriber+) Privilege Escalation — Academy LMS – WordPress LMS Plugin for Complete eLearning SolutionCWE-269	8.8	High	2024-03-13

This page lists every published CVE security advisory associated with kodezen. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

kodezen — Vulnerabilities & Security Advisories 7