maxfoundry — Vulnerabilities & Security Advisories (13)

Browse all 13 CVE security advisories affecting maxfoundry. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MaxFoundry develops enterprise software solutions for content management and digital experience platforms. Historically, their products have been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for their 13 recorded CVEs. Notable security characteristics include exposure in web applications and APIs, with several critical RCE vulnerabilities allowing unauthorized system access. While no major public security incidents have been documented, the consistent pattern of vulnerabilities in their software stack suggests a need for robust security validation and patch management processes for organizations utilizing their platforms.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2312 | Media Library Folders <= 8.3.6 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Attachment Deletion and Rename — Media Library Folders (CWE-862) | 4.3 | Medium | 2026-02-14 |
| CVE-2025-39444 | WordPress MaxButtons plugin <= 9.8.3 - Cross Site Scripting (XSS) vulnerability — MaxButtons (CWE-79) | 5.9 | Medium | 2025-04-17 |
| CVE-2025-28933 | WordPress MaxA/B plugin <= 2.2.2 - CSRF to Stored XSS vulnerability — MaxA/B (CWE-352) | 7.1 | High | 2025-03-11 |
| CVE-2025-0935 | Media Library Folders <= 8.3.0 - Missing Authorization to Plugin Settings Change — Media Library Folders (CWE-862) | 4.3 | Medium | 2025-02-15 |
| CVE-2024-9219 | WordPress Social Share Buttons <= 1.19 - Reflected Cross-Site Scripting — Social Share Buttons (CWE-79) | 6.1 | Medium | 2024-10-19 |
| CVE-2024-7858 | Media Library Folders <= 8.2.3 - Missing Authorization on Various Functions — Media Library Folders (CWE-862) | 6.3 | Medium | 2024-08-30 |
| CVE-2024-7857 | Media Library Folders <= 8.2.2 - Authenticated (Subscriber+) Second-Order SQL Injection — Media Library Folders (CWE-89) | 6.5 | Medium | 2024-08-29 |
| CVE-2024-6499 | WordPress Button Plugin MaxButtons <= 9.7.8 - Full Path Disclosure — MaxButtons – Create buttons (CWE-200) | 5.3 | Medium | 2024-08-24 |
| CVE-2024-5970 | MaxGalleria <= 6.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via maxgallery_thumb Shortcode — MaxGalleria (CWE-79) | 6.4 | Medium | 2024-06-18 |
| CVE-2024-3581 | MaxGalleria <= 6.4.2 - Missing Authorization — MaxGalleria (CWE-862) | 4.3 | Medium | 2024-05-02 |
| CVE-2024-3615 | Media Library Folders <= 8.2.0 - Reflected Cross-Site Scripting via 's' — Media Library Folders (CWE-79) | 6.1 | Medium | 2024-04-19 |
| CVE-2023-7029 | WordPress Button Plugin MaxButtons <= 9.7.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode — MaxButtons – Create buttons (CWE-79) | 6.4 | Medium | 2024-02-05 |
| CVE-2023-6594 | WordPress Button Plugin MaxButtons <= 9.7.4 - Authenticated (Administrator+) Stored Cross-Site Scripting — MaxButtons – Create buttons (CWE-79) | 4.4 | Medium | 2024-01-09 |

This page lists every published CVE security advisory associated with maxfoundry. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.