softaculous — Vulnerabilities & Security Advisories 35

Browse all 35 CVE security advisories affecting softaculous. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Softaculous operates as an automated script installer for web hosting environments, enabling users to deploy applications like WordPress or Joomla with minimal manual configuration. Despite its utility, the platform has accumulated thirty-five recorded Common Vulnerabilities and Exposures, reflecting significant security challenges in its codebase. Historically, these flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation or improper access controls within the installer scripts. These defects allow attackers to potentially compromise underlying server infrastructure or gain unauthorized administrative access to hosted applications. While no single catastrophic breach has been widely publicized as a direct result of these specific CVEs, the high volume of disclosed issues indicates persistent weaknesses in the software’s security architecture. This pattern necessitates rigorous patching and careful deployment practices for administrators relying on the tool.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-2509 | Page Builder: Pagelayer <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes | Page Builder: Pagelayer – Drag and Drop website builder | CWE-79 | 6.4 | Medium | 2026-04-08 |
| CVE-2026-39469 | WordPress PageLayer plugin <= 2.0.8 - Sensitive Data Exposure vulnerability | PageLayer | CWE-497 | 4.3 | Medium | 2026-04-08 |
| CVE-2026-2442 | Pagelayer <= 2.0.7 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via 'email' | Page Builder: Pagelayer – Drag and Drop website builder | CWE-93 | 5.3 | Medium | 2026-03-28 |
| CVE-2025-13085 | SiteSEO – SEO Simplified <= 1.3.2 - Insecure Direct Object Reference to Sensitive Post Meta Disclosure | SiteSEO – SEO Simplified | CWE-285 | 4.3 | Medium | 2025-11-19 |
| CVE-2025-12814 | SiteSEO – SEO Simplified <= 1.3.2 - Improper Authorization to Authenticated Settings Reset | SiteSEO – SEO Simplified | CWE-285 | 5.3 | Medium | 2025-11-19 |
| CVE-2025-12366 | Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.5 - Authenticated (Author+) Insecure Direct Object Reference | Page Builder: Pagelayer – Drag and Drop website builder | CWE-639 | 4.3 | Medium | 2025-11-13 |
| CVE-2025-12367 | SiteSEO – SEO Simplified <= 1.3.1 - Missing Authorization to Authenticated (Author+) Plugin Settings Update | SiteSEO – SEO Simplified | CWE-285 | 4.3 | Medium | 2025-11-01 |
| CVE-2025-10307 | Backuply – Backup, Restore, Migrate and Clone <= 1.4.8 - Authenticated (Admin+) Arbitrary File Deletion | Backuply – Backup, Restore, Migrate and Clone | CWE-22 | 6.5 | Medium | 2025-09-26 |
| CVE-2025-9277 | SiteSEO – SEO Simplified <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Broken Regex Expression | SiteSEO – SEO Simplified | CWE-79 | 6.4 | Medium | 2025-08-26 |
| CVE-2025-4223 | Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Reflected Cross-Site Scripting via login_url Parameter | Page Builder: Pagelayer – Drag and Drop website builder | CWE-79 | 4.7 | Medium | 2025-05-24 |
| CVE-2024-13427 | Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Link | Page Builder: Pagelayer – Drag and Drop website builder | CWE-79 | 6.4 | Medium | 2025-05-24 |
| CVE-2025-2104 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post Publication | Page Builder: Pagelayer – Drag and Drop website builder | CWE-862 | 4.3 | Medium | 2025-03-13 |
| CVE-2024-13430 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Authenticated (Contributor+) Private Post Disclosure in pagelayer_builder_posts_shortcode | Page Builder: Pagelayer – Drag and Drop website builder | CWE-284 | 4.3 | Medium | 2025-03-12 |
| CVE-2025-1926 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modification | Page Builder: Pagelayer – Drag and Drop website builder | CWE-352 | 4.3 | Medium | 2025-03-10 |
| CVE-2025-24573 | WordPress Pagelayer plugin <= 1.9.4 - Cross Site Scripting (XSS) vulnerability | PageLayer | CWE-79 | 6.5 | Medium | 2025-01-24 |
| CVE-2024-11010 | FileOrganizer <= 1.1.4 - Authenticated (Administrator+) Local JavaScript File Inclusion | FileOrganizer – WordPress File Manager | CWE-22 | 7.2 | High | 2024-12-07 |
| CVE-2024-10097 | Loginizer Security and Loginizer <= 1.9.2 - Authentication Bypass via WordPress.com OAuth provider | Loginizer Security | CWE-287 | 8.1 | High | 2024-11-05 |
| CVE-2024-7985 | FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload | FileOrganizer – WordPress File Manager | CWE-434 | 7.5 | High | 2024-10-29 |
| CVE-2024-8669 | Backuply – Backup, Restore, Migrate and Clone <= 1.3.4 - Authenticated (Admin+) SQL Injection | Backuply – Backup, Restore, Migrate and Clone | CWE-89 | 9.1 | Critical | 2024-09-14 |
| CVE-2024-43299 | WordPress SpeedyCache plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability | SpeedyCache | CWE-352 | 5.4 | Medium | 2024-08-26 |
| CVE-2024-24622 | Softaculous Webuzo Password Reset Command Injection | Webuzo | CWE-78 | 8.8 | High | 2024-07-25 |
| CVE-2024-24623 | Softaculous Webuzo FTP Management Command Injection | Webuzo | CWE-78 | 8.8 | High | 2024-07-25 |
| CVE-2024-24621 | Softaculous Webuzo Authentication Bypass | Webuzo | CWE-697 | 9.8 | Critical | 2024-07-25 |
| CVE-2024-5599 | FileOrganizer <= 1.0.7 - Sensitive Information Exposure via Directory Listing | FileOrganizer – WordPress File Manager | CWE-922 | 7.5 | High | 2024-06-07 |
| CVE-2024-2324 | FileOrganizer and FileOrganizer Pro <= 1.0.6 - Authenticated Stored Cross-Site Scripting | FileOrganizer – WordPress File Manager | CWE-79 | 4.4 | Medium | 2024-05-02 |
| CVE-2024-2504 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via custom attributes | Page Builder: Pagelayer – Drag and Drop website builder | CWE-79 | 6.4 | Medium | 2024-04-09 |
| CVE-2024-2294 | Backuply – Backup, Restore, Migrate and Clone <= 1.2.7 - Authenticated (Admin+) Directory Traversal | Backuply – Backup, Restore, Migrate and Clone | CWE-22 | 4.9 | Medium | 2024-03-16 |
| CVE-2024-2127 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes | Page Builder: Pagelayer – Drag and Drop website builder | CWE-79 | 6.4 | Medium | 2024-03-07 |
| CVE-2024-1590 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button | Page Builder: Pagelayer – Drag and Drop website builder | CWE-79 | 4.6 | Medium | 2024-02-23 |
| CVE-2024-0842 | Backuply - Backup, Restore, Migrate and Clone <= 1.2.6 - Denial of Service | Backuply – Backup, Restore, Migrate and Clone | CWE-400 | 7.5 | High | 2024-02-09 |

This page lists every published CVE security advisory associated with softaculous. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.