Browse all 3 CVE security advisories affecting setriosoft. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Setriosoft develops enterprise software solutions for supply chain management, with three recorded CVEs indicating potential security risks. Historically, vulnerabilities have included remote code execution and cross-site scripting flaws, often stemming from insufficient input validation. The company's products have faced scrutiny for privilege escalation issues, particularly in administrative modules. While no major public security incidents have been documented, the consistent presence of multiple CVEs suggests ongoing challenges in secure coding practices. Organizations using Setriosoft's solutions should implement strict access controls and regular security assessments to mitigate potential exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-7650 | BizCalendar Web <= 1.1.0.53 - Authenticated (Contributor+) Local File Inclusion — BizCalendar WebCWE-98 | 7.5 | High | 2025-08-15 |
| CVE-2025-30843 | WordPress bizcalendar-web plugin <= 1.1.0.34 - SQL Injection vulnerability — bizcalendar-webCWE-89 | 7.6 | High | 2025-03-27 |
| CVE-2024-1780 | BizCalendar Web <= 1.1.0.25 - Reflected Cross-Site Scripting via 'tab' — BizCalendar WebCWE-79 | 6.1 | Medium | 2024-04-10 |
This page lists every published CVE security advisory associated with setriosoft. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.