realmag777 — Vulnerabilities & Security Advisories (109)

Browse all 109 CVE security advisories affecting realmag777. AI-powered Chinese analysis, POCs, and references for each vulnerability.

realmag777 is a software vendor primarily known for developing and distributing e-commerce solutions and digital marketplace platforms. Historical security audits reveal a pattern of critical vulnerabilities, with 109 CVEs currently on record. The most prevalent flaw classes include Remote Code Execution (RCE) and Cross-Site Scripting (XSS), often stemming from insufficient input validation and improper sanitization of user-supplied data. Additionally, the software has frequently exhibited insecure direct object references and privilege escalation issues, allowing unauthorized users to access sensitive administrative functions or modify system configurations. These defects typically arise from legacy codebases that lack modern security controls and regular patching cycles. Major incidents have involved data breaches exposing customer personal information and payment details due to unpatched SQL injection flaws. The high volume of disclosed vulnerabilities suggests a reactive rather than proactive security posture, requiring immediate attention to code review processes and dependency management to mitigate ongoing risks for enterprise clients relying on this infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-1672 | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification — BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net (CWE-352) | 6.5 | Medium | 2026-04-08 |
| CVE-2026-1673 | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion — BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net (CWE-352) | 4.3 | Medium | 2026-04-08 |
| CVE-2026-39501 | WordPress FOX plugin <= 1.4.5 - Broken Access Control vulnerability — FOX (CWE-862) | 5.3 | Medium | 2026-04-08 |
| CVE-2026-39497 | WordPress FOX plugin <= 1.4.5 - SQL Injection vulnerability — FOX (CWE-89) | 7.6 | High | 2026-04-08 |
| CVE-2026-3513 | TableOn – WordPress Posts Table Filterable <= 1.0.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute — TableOn – WordPress Posts Table Filterable (CWE-79) | 6.4 | Medium | 2026-04-08 |
| CVE-2026-32458 | WordPress WOLF plugin <= 1.0.8.7 - SQL Injection vulnerability — WOLF (CWE-89) | 7.6 | High | 2026-03-13 |
| CVE-2026-32455 | WordPress MDTF plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability — MDTF (CWE-79) | 6.5 | Medium | 2026-03-13 |
| CVE-2026-32450 | WordPress Active Products Tables for WooCommerce plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability — Active Products Tables for WooCommerce (CWE-79) | 6.5 | Medium | 2026-03-13 |
| CVE-2025-67990 | WordPress GMap Targeting plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability — GMap Targeting (CWE-79) | 7.1 | High | 2026-02-20 |
| CVE-2025-69316 | WordPress TableOn plugin <= 1.0.4.2 - Reflected Cross Site Scripting (XSS) vulnerability — TableOn (CWE-79) | 7.1 | High | 2026-01-22 |
| CVE-2025-13110 | HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr' — HUSKY – Products Filter Professional for WooCommerce (CWE-639) | 4.3 | Medium | 2025-12-18 |
| CVE-2025-13109 | HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_query/woof_remove_query' — HUSKY – Products Filter Professional for WooCommerce (CWE-639) | 4.3 | Medium | 2025-12-03 |
| CVE-2025-60244 | WordPress TableOn plugin <= 1.0.5.1 - Content Injection vulnerability — TableOn (CWE-80) | 7.1 | High | 2025-11-06 |
| CVE-2025-11735 | HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.1 - Unauthenticated SQL Injection via `phrase` Parameter — HUSKY – Products Filter Professional for WooCommerce (CWE-89) | 7.5 | High | 2025-10-28 |
| CVE-2025-62964 | WordPress MDTF plugin <= 1.3.6 - Broken Access Control vulnerability — MDTF (CWE-862) | 5.3 | Medium | 2025-10-27 |
| CVE-2025-62069 | WordPress MDTF plugin <= 1.3.3.8 - Cross Site Scripting (XSS) vulnerability — MDTF (CWE-79) | 6.5 | Medium | 2025-10-22 |
| CVE-2025-49907 | WordPress MDTF plugin <= 1.3.3.9 - Broken Access Control vulnerability — MDTF (CWE-862) | 4.3 | Medium | 2025-10-22 |
| CVE-2025-57889 | WordPress InPost Gallery Plugin <= 2.1.4.5 - Local File Inclusion Vulnerability — InPost Gallery (CWE-98) | 7.5 | High | 2025-09-05 |
| CVE-2025-54707 | WordPress MDTF Plugin <= 1.3.3.7 - SQL Injection Vulnerability — MDTF (CWE-89) | 9.3 | Critical | 2025-08-14 |
| CVE-2025-52732 | WordPress Google Map Targeting Plugin <= 1.1.6 - Local File Inclusion Vulnerability — GMap Targeting (CWE-98) | 8.8 | High | 2025-08-14 |
| CVE-2025-5143 | TableOn – WordPress Posts Table Filterable <= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via tableon_popup_iframe_button Shortcode — TableOn – WordPress Posts Table Filterable (CWE-79) | 6.4 | Medium | 2025-06-21 |
| CVE-2025-52708 | WordPress HUSKY plugin <= 1.3.7 - Local File Inclusion Vulnerability — HUSKY (CWE-98) | 7.5 | High | 2025-06-20 |
| CVE-2025-48266 | WordPress Active Products Tables for WooCommerce plugin <= 1.0.6.8 - Cross Site Scripting (XSS) Vulnerability — Active Products Tables for WooCommerce (CWE-79) | 6.5 | Medium | 2025-05-19 |
| CVE-2025-3748 | Taxonomy Chain Menu <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via pn_chain_menu Shortcode — Taxonomy Chain Menu (CWE-79) | 6.4 | Medium | 2025-05-02 |
| CVE-2025-32592 | WordPress TableOn Plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability — TableOn (CWE-79) | 7.1 | High | 2025-04-17 |
| CVE-2025-26903 | WordPress InPost Gallery plugin <= 2.1.4.3 - Cross Site Request Forgery (CSRF) vulnerability — InPost Gallery (CWE-352) | 4.3 | Medium | 2025-04-15 |
| CVE-2025-32569 | WordPress TableOn plugin <= 1.0.4.3 - PHP Object Injection vulnerability — TableOn (CWE-502) | 9.8 | Critical | 2025-04-11 |
| CVE-2025-32218 | WordPress TableOn plugin <= 1.0.5.1 - Broken Access Control vulnerability — TableOn (CWE-862) | 5.4 | Medium | 2025-04-04 |
| CVE-2025-26890 | WordPress HUSKY plugin <= 1.3.6.4 - Local File Inclusion vulnerability — HUSKY (CWE-98) | 7.5 | High | 2025-03-27 |
| CVE-2025-1514 | Active Products Tables for WooCommerce <= 1.0.6.7 - Unauthenticated Arbitrary Filter Call — Active Products Tables for WooCommerce. Use constructor to create tables (CWE-20) | 7.3 | High | 2025-03-26 |

This page lists every published CVE security advisory associated with realmag777. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.