Browse all 3 CVE security advisories affecting mihdan. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Mihdan primarily develops WordPress-related plugins, with a core focus on comment and social media integration functionality. Historically, vulnerabilities in mihdan's codebase have commonly included stored cross-site scripting (XSS) and remote code execution (RCE) flaws, often stemming from insufficient input validation and improper sanitization. Security assessments have revealed patterns of privilege escalation risks due to inadequate access controls. While no major public security incidents have been widely documented, the three CVEs associated with mihdan highlight recurring issues in input handling and security hardening, emphasizing the need for rigorous code reviews and secure development practices in WordPress plugin ecosystems.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-8608 | Mihdan: Elementor Yandex Maps <= 1.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Marker Pins — Maps from Yandex for Elementor (CWE-79) | 6.4 | Medium | 2025-09-30 |
| CVE-2025-53451 | WordPress Mihdan: No External Links Plugin <= 5.1.6.2 - Cross Site Request Forgery (CSRF) Vulnerability — Mihdan: No External Links (CWE-352) | 5.4 | Medium | 2025-09-22 |
| CVE-2024-4411 | Mihdan: Yandex Turbo Feed <= 1.6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Mihdan: Yandex Turbo Feed (CWE-79) | 6.4 | Medium | 2024-05-09 |
This page lists every published CVE security advisory associated with mihdan. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.