Browse all 4 CVE security advisories affecting shoheitanaka. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Shoheitanaka develops software primarily used in web application development and content management systems. Their products have historically been associated with remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, with four CVEs recorded to date. Security researchers have noted consistent issues in input validation and improper sanitization of user-supplied data. While no major public security incidents have been documented, the pattern of vulnerabilities suggests potential risks for organizations implementing their solutions without proper hardening or regular patching. Their codebase requires careful security review, particularly in areas handling dynamic content and user authentication.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1305 | Japanized for WooCommerce <= 2.8.4 - Missing Authorization to Unauthenticated Paidy Order Manipulation — Japanized for WooCommerceCWE-287 | 5.3 | Medium | 2026-02-27 |
| CVE-2025-14078 | PAYGENT for WooCommerce <= 2.4.6 - Missing Authorization to Unauthenticated Payment Callback Manipulation — PAYGENT for WooCommerceCWE-862 | 5.3 | Medium | 2026-01-17 |
| CVE-2025-14886 | Japanized for WooCommerce <= 2.7.17 - Missing Authorization to Unauthenticated Order Status Modification — Japanized for WooCommerceCWE-862 | 5.3 | Medium | 2026-01-09 |
| CVE-2023-0942 | Japanized For WooCommerce <= 2.5.4 - Reflected Cross-Site Scripting — Japanized for WooCommerceCWE-79 | 6.1 | Medium | 2023-02-21 |
This page lists every published CVE security advisory associated with shoheitanaka. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.