Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

plainware — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting plainware. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Plainware develops enterprise software for document management and workflow automation, primarily serving financial and healthcare sectors. Historically, the product has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and access control flaws. While no major public security incidents have been widely documented, the 15 CVEs on record indicate persistent security concerns, particularly in authentication mechanisms and file processing components. The software's integration with sensitive systems increases potential impact, making regular security updates and proper configuration critical for mitigating identified risks.

Top products by plainware: Locatoraid Store Locator ShiftController Employee Shift Scheduling PlainInventory
CVE IDTitleCVSSSeverityPublished
CVE-2025-62140 WordPress Locatoraid Store Locator plugin <= 3.9.68 - Cross Site Scripting (XSS) vulnerability — Locatoraid Store LocatorCWE-79 5.9 Medium2025-12-31
CVE-2025-32623 WordPress PlainInventory plugin <= 3.1.9 - CSRF to Stored XSS vulnerability — PlainInventoryCWE-352 7.1 High2025-04-09
CVE-2025-24557 WordPress PlainInventory plugin <= 3.1.5 - Reflected Cross Site Scripting (XSS) vulnerability — PlainInventoryCWE-79 7.1 High2025-02-03
CVE-2024-56283 WordPress Locatoraid Store Locator Plugin <= 3.9.50 - PHP Object Injection vulnerability — Locatoraid Store LocatorCWE-502 8.1 High2025-01-07
CVE-2024-56291 WordPress PlainInventory – Inventory Management Plugin Plugin <= 3.1.6 - PHP Object Injection vulnerability — PlainInventoryCWE-502 8.1 High2025-01-07
CVE-2024-9652 Locatoraid Store Locator <= 3.9.47 - Reflected Cross-Site Scripting — Locatoraid Store LocatorCWE-79 6.1 Medium2024-10-16
CVE-2024-44040 WordPress ShiftController Employee Shift Scheduling plugin <= 4.9.64 - Cross Site Scripting (XSS) vulnerability — ShiftController Employee Shift SchedulingCWE-79 5.9 Medium2024-10-06
CVE-2024-9435 ShiftController Employee Shift Scheduling <= 4.9.66 - Reflected Cross-Site Scripting — ShiftController Employee Shift SchedulingCWE-79 6.1 Medium2024-10-04
CVE-2024-4733 ShiftController Employee Shift Scheduling <= 4.9.57 - Authenticated (Contributor+) PHP Object Injection — ShiftController Employee Shift SchedulingCWE-502 7.5 High2024-05-16
CVE-2024-30181 WordPress Locatoraid Store Locator plugin <= 3.9.30 - Cross Site Scripting (XSS) vulnerability — Locatoraid Store LocatorCWE-79 5.9 Medium2024-03-27
CVE-2023-32576 WordPress Locatoraid Store Locator Plugin <= 3.9.18 is vulnerable to Cross Site Scripting (XSS) — Locatoraid Store LocatorCWE-79 6.5 Medium2023-08-25
CVE-2023-29424 WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.23 is vulnerable to Cross Site Scripting (XSS) — ShiftController Employee Shift SchedulingCWE-79 7.1 High2023-06-26
CVE-2023-2031 Locatoraid Store Locator <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Locatoraid Store LocatorCWE-79 5.4 Medium2023-06-09
CVE-2023-1978 ShiftController Employee Shift Scheduling <= 4.9.25 - Reflected Cross-Site Scripting via Query String — ShiftController Employee Shift SchedulingCWE-79 6.1 Medium2023-06-09
CVE-2023-25709 WordPress Locatoraid Store Locator Plugin <= 3.9.11 is vulnerable to Cross Site Request Forgery (CSRF) — Locatoraid Store LocatorCWE-352 5.4 Medium2023-03-15

This page lists every published CVE security advisory associated with plainware. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.