Browse all 21 CVE security advisories affecting scriptsbundle. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ScriptsBundle operates as a digital marketplace facilitating the distribution of PHP scripts, web templates, and application source code. This platform primarily serves developers seeking pre-built solutions for rapid deployment, though it has become a significant vector for malicious software distribution. Historically, vulnerabilities within scripts sold or hosted on the platform frequently involve Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL injection, often stemming from inadequate input validation in third-party code. The site has faced scrutiny for hosting malware-infected scripts, leading to widespread browser warnings and blacklisting by security vendors. With twenty-one recorded Common Vulnerabilities and Exposures (CVEs), ScriptsBundle highlights the risks associated with unvetted commercial code. Users must exercise extreme caution, as the platform’s business model relies on volume rather than rigorous security auditing, making it a high-risk source for enterprise integration without thorough independent review.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-49402 | WordPress Exertio Framework Plugin <= 1.3.3 - SQL Injection Vulnerability — Exertio FrameworkCWE-89 | 8.5 | High | 2025-08-28 |
| CVE-2024-13373 | Exertio Framework <= 1.3.1 - Unauthenticated Arbitrary User Password Update — Exertio FrameworkCWE-620 | 8.1 | High | 2025-03-01 |
This page lists every published CVE security advisory associated with scriptsbundle. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.