Browse all 4 CVE security advisories affecting nayon46. AI-powered Chinese analysis, POCs, and references for each vulnerability.
nayon46 is primarily associated with web application vulnerabilities, focusing on RCE and XSS flaws across multiple platforms. The researcher has consistently identified critical input validation and authentication bypass issues, with four CVEs reflecting a pattern in privilege escalation and server-side injection exploits. While no major public incidents are directly linked to this alias, the vulnerabilities discovered by nayon46 have demonstrated significant impact potential, particularly in unpatched enterprise systems. Their work consistently highlights weaknesses in session management and access control mechanisms, suggesting a methodical approach to identifying flaws that could lead to complete system compromise.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1904 | Simple Wp colorfull Accordion <= 1.0 - Authenticated (Contributor+) Cross-Site Scripting via 'title' Shortcode Attribute — Simple Wp colorfull AccordionCWE-79 | 6.4 | Medium | 2026-02-14 |
| CVE-2025-2540 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library — Awesome Wp Image GalleryCWE-79 | 6.4 | Medium | 2025-07-03 |
| CVE-2025-46476 | WordPress Awesome Wp Image Gallery plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability — Awesome Wp Image GalleryCWE-79 | 6.5 | Medium | 2025-04-24 |
| CVE-2024-49267 | WordPress Unlimited Addon For Elementor plugin <=2.0.0 - Cross Site Scripting (XSS) vulnerability — Unlimited Addon For ElementorCWE-79 | 6.5 | Medium | 2024-10-16 |
This page lists every published CVE security advisory associated with nayon46. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.