Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

lavacode — Vulnerabilities & Security Advisories 3

Browse all 3 CVE security advisories affecting lavacode. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Lavacode develops web application frameworks primarily used for building dynamic content management systems. Historically, the organization's products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and insecure default configurations. While no major public security incidents have been widely documented, the three CVEs attributed to Lavacode highlight recurring issues in access controls and data handling. The frameworks' modular architecture, while offering flexibility, has introduced potential attack vectors through third-party plugins with inconsistent security practices.

Top products by lavacode: Lava Directory Manager Lava Ajax Search
CVE IDTitleCVSSSeverityPublished
CVE-2025-28937 WordPress Lava Ajax Search plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability — Lava Ajax SearchCWE-79 5.9 Medium2025-03-11
CVE-2023-47659 WordPress Lava Directory Manager Plugin <= 1.1.34 is vulnerable to Cross Site Scripting (XSS) — Lava Directory ManagerCWE-79 6.5 Medium2023-11-14
CVE-2023-46081 WordPress Lava Directory Manager Plugin <= 1.1.34 is vulnerable to Cross Site Scripting (XSS) — Lava Directory ManagerCWE-79 7.1 High2023-10-26

This page lists every published CVE security advisory associated with lavacode. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.