Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

nicdark — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting nicdark. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Nicdark develops web applications and frameworks primarily used for content management and e-commerce solutions. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, with 12 CVEs documented. Security researchers have identified consistent issues in input validation and access control mechanisms. While no major public security incidents have been widely reported, the pattern of vulnerabilities suggests potential risks for organizations using their software without proper hardening. Regular security updates and careful configuration remain critical for mitigating these risks.

Top products by nicdark: Hotel Booking Restaurant Reservations Donations (WordPress plugin) Hotel Booking (WordPress plugin) Cost Calculator ND Shortcodes Elements For Elementor
CVE IDTitleCVSSSeverityPublished
CVE-2025-63001 WordPress Hotel Booking plugin <= 3.8 - Broken Access Control vulnerability — Hotel BookingCWE-862 5.3 Medium2025-12-31
CVE-2025-53259 WordPress Hotel Booking plugin <= 3.7 - Local File Inclusion Vulnerability — Hotel BookingCWE-98 7.5 High2025-06-27
CVE-2025-47498 WordPress Hotel Booking plugin <= 3.6 - Local File Inclusion Vulnerability — Hotel BookingCWE-98 7.5 High2025-05-07
CVE-2025-39526 WordPress Hotel Booking Plugin <= 3.6 - Local File Inclusion vulnerability — Hotel BookingCWE-98 8.1 High2025-04-17
CVE-2024-37223 WordPress Restaurant Reservations plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability — Restaurant ReservationsCWE-79 6.5 Medium2024-07-22
CVE-2024-5348 Elements For Elementor <= 2.1 - Authenticated (Contributor+) Local File Inclusion via Multiple Widget Attributes — Elements For ElementorCWE-98 8.8 High2024-06-01
CVE-2024-5220 ND Shortcodes <= 7.5 - Authenticated (Author+) Stored Cross-Site Scripting — ND ShortcodesCWE-79 6.4 Medium2024-05-25
CVE-2024-1382 Restaurant Reservations <= 1.9 - Directory Traversal to Authenticated (Contributor+) Local File Inclusion — Restaurant ReservationsCWE-98 8.8 High2024-03-07
CVE-2023-51403 WordPress Restaurant Reservations Plugin <= 1.8 is vulnerable to Cross Site Scripting (XSS) — Restaurant ReservationsCWE-79 6.5 Medium2024-02-12
CVE-2023-1155 Cost Calculator <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting — Cost CalculatorCWE-79 6.4 Medium2023-03-02
CVE-2022-29443 WordPress Hotel Booking plugin <= 3.0 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities — Hotel Booking (WordPress plugin)CWE-79 4.1 Medium2022-06-15
CVE-2022-29433 https://patchstack.com/database/vulnerability/nd-donations/wordpress-donations-plugin-1-8-authenticated-stored-cross-site-scripting-xss-vulnerability — Donations (WordPress plugin)CWE-79 4.1 Medium2022-05-13

This page lists every published CVE security advisory associated with nicdark. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.