Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

premmerce — Vulnerabilities & Security Advisories 24

Browse all 24 CVE security advisories affecting premmerce. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Premmerce operates as a comprehensive e-commerce platform designed to facilitate online retail operations, offering modules for product management, order processing, and customer engagement. Security audits have identified twenty-four distinct Common Vulnerabilities and Exposures (CVEs) associated with the software, indicating a persistent history of security deficiencies. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and improper access controls. Additionally, instances of privilege escalation and broken authentication mechanisms have been documented, allowing unauthorized users to manipulate system functions or access sensitive data. These flaws suggest that the platform has historically struggled with secure coding practices, particularly in handling user-generated content and administrative interfaces. While no single catastrophic public breach has been widely publicized, the cumulative volume of CVEs highlights significant risks for organizations relying on Premmerce for critical business transactions without rigorous patch management and security hardening.

Found 4 results / 24Clear Filters
Top products by premmerce: Premmerce Premmerce User Roles Premmerce Redirect Manager Premmerce Wholesale Pricing for WooCommerce Premmerce Product Search for WooCommerce Premmerce Brands for WooCommerce Premmerce Wishlist for WooCommerce Premmerce Permalink Manager for WooCommerce Premmerce Product Filter for WooCommerce Premmerce WooCommerce Customers Manager
CVE IDTitleCVSSSeverityPublished
CVE-2026-0555 Premmerce <= 1.3.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint — PremmerceCWE-79 6.4 Medium2026-02-07
CVE-2025-60241 WordPress Premmerce plugin <= 1.3.19 - Local File Inclusion vulnerability — PremmerceCWE-98 7.5 High2025-11-06
CVE-2025-64288 WordPress Premmerce plugin <= 1.3.19 - Cross Site Request Forgery (CSRF) vulnerability — PremmerceCWE-352 4.3 Medium2025-10-29
CVE-2023-23719 WordPress Premmerce Plugin <= 1.3.17 is vulnerable to Cross Site Request Forgery (CSRF) — PremmerceCWE-352 5.4 Medium2023-07-17

This page lists every published CVE security advisory associated with premmerce. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.