scriptsbundle — Vulnerabilities & Security Advisories (21)

Browse all 21 CVE security advisories affecting scriptsbundle. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ScriptsBundle operates as a digital marketplace facilitating the distribution of PHP scripts, web templates, and application source code. This platform primarily serves developers seeking pre-built solutions for rapid deployment, though it has become a significant vector for malicious software distribution. Historically, vulnerabilities within scripts sold or hosted on the platform frequently involve Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL injection, often stemming from inadequate input validation in third-party code. The site has faced scrutiny for hosting malware-infected scripts, leading to widespread browser warnings and blacklisting by security vendors. With twenty-one recorded Common Vulnerabilities and Exposures (CVEs), ScriptsBundle highlights the risks associated with unvetted commercial code. Users must exercise extreme caution, as the platform’s business model relies on volume rather than rigorous security auditing, making it a high-risk source for enterprise integration without thorough independent review.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-13851 | Buyent Theme (with Buyent Classified Plugin) <= 1.0.7 - Unauthenticated Privilege Escalation via User Registration | Buyent | CWE-269 | 9.8 | Critical | 2026-02-19 |
| CVE-2026-1729 | AdForest <= 6.0.12 - Authentication Bypass | AdForest | CWE-306 | 9.8 | Critical | 2026-02-12 |
| CVE-2025-69317 | WordPress CarSpot theme < 2.4.6 - Reflected Cross Site Scripting (XSS) vulnerability | CarSpot | CWE-79 | 7.1 | High | 2026-01-22 |
| CVE-2025-67946 | WordPress AdForest theme <= 6.0.11 - Local File Inclusion vulnerability | AdForest | CWE-98 | 8.1 | High | 2026-01-22 |
| CVE-2025-67947 | WordPress AdForest Elementor plugin <= 3.0.11 - Cross Site Scripting (XSS) vulnerability | AdForest Elementor | CWE-79 | 7.1 | High | 2026-01-22 |
| CVE-2025-67569 | WordPress AdForest theme <= 6.0.11 - Broken Access Control vulnerability | AdForest | CWE-862 | 5.3 | Medium | 2025-12-09 |
| CVE-2025-58259 | WordPress Nokri Theme <= 1.6.4 - Cross Site Request Forgery (CSRF) Vulnerability | Nokri | CWE-352 | 7.1 | High | 2025-09-22 |
| CVE-2025-8359 | AdForest <= 6.0.9 - Authentication Bypass to Admin | AdForest | CWE-288 | 9.8 | Critical | 2025-09-06 |
| CVE-2025-49402 | WordPress Exertio Framework Plugin <= 1.3.3 - SQL Injection Vulnerability | Exertio Framework | CWE-89 | 8.5 | High | 2025-08-28 |
| CVE-2025-54686 | WordPress Exertio Theme <= 1.3.2 - PHP Object Injection Vulnerability | Exertio | CWE-502 | 9.8 | Critical | 2025-08-14 |
| CVE-2025-1313 | Nokri - Job Board WordPress Theme <= 1.6.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover | Nokri – Job Board WordPress Theme | CWE-288 | 8.8 | High | 2025-07-12 |
| CVE-2024-12827 | DWT - Directory & Listing WordPress Theme <= 3.3.6 - Unauthenticated Arbitrary User Password Reset | DWT - Directory & Listing WordPress Theme | CWE-620 | 9.8 | Critical | 2025-06-27 |
| CVE-2024-13373 | Exertio Framework <= 1.3.1 - Unauthenticated Arbitrary User Password Update | Exertio Framework | CWE-620 | 8.1 | High | 2025-03-01 |
| CVE-2024-12824 | Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change | Nokri – Job Board WordPress Theme | CWE-620 | 9.8 | Critical | 2025-03-01 |
| CVE-2024-12860 | CarSpot – Dealership Wordpress Classified Theme <= 2.4.3 - Unauthenticated Arbitrary Password Reset/Account Takeover | CarSpot – Dealership Wordpress Classified Theme | CWE-620 | 9.8 | Critical | 2025-02-18 |
| CVE-2025-0169 | DWT - Directory & Listing WordPress Theme <=3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | DWT - Directory & Listing WordPress Theme | CWE-79 | 6.4 | Medium | 2025-02-08 |
| CVE-2024-12857 | AdForest <= 5.1.8 - Authentication Bypass | AdForest | CWE-288 | 9.8 | Critical | 2025-01-22 |
| CVE-2025-0170 | DWT - Directory & Listing WordPress Theme <= 3.3.3 - Reflected Cross-Site Scripting | DWT - Directory & Listing WordPress Theme | CWE-79 | 6.1 | Medium | 2025-01-16 |
| CVE-2024-12855 | AdForest - Classified Ads WordPress Theme <= 5.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post/Attachment Deletion | AdForest | CWE-862 | 4.3 | Medium | 2025-01-08 |
| CVE-2024-11350 | AdForest <= 5.1.6 - Privilege Escalation via Password Reset/Account Takeover | AdForest | CWE-640 | 9.8 | Critical | 2025-01-08 |
| CVE-2024-11349 | AdForest <= 5.1.6 - Authentication Bypass | AdForest | CWE-288 | 9.8 | Critical | 2024-12-21 |

This page lists every published CVE security advisory associated with scriptsbundle. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.