Browse all 4 CVE security advisories affecting spacetime. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Spacetime is a collaborative platform for 3D virtual environments and metaverse applications, enabling real-time interaction and content creation. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and access control flaws. The platform's security posture has been impacted by incidents where unauthenticated attackers could execute arbitrary code or manipulate user sessions due to insufficient sandboxing and insecure API endpoints. These vulnerabilities highlight risks in web-based 3D content rendering and real-time communication features, requiring rigorous input sanitization and proper privilege management to mitigate potential exploitation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-11745 | Ad Inserter <= 2.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field — Ad Inserter – Ad Manager & AdSense AdsCWE-80 | 6.4 | Medium | 2025-11-05 |
| CVE-2024-49248 | WordPress Ad Inserter plugin <= 2.7.37 - Reflected Cross Site Scripting (XSS) vulnerability — Ad InserterCWE-79 | 7.1 | High | 2024-10-17 |
| CVE-2023-4668 | Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe — Ad Inserter – Ad Manager & AdSense AdsCWE-862 | 5.3 | Medium | 2023-10-20 |
| CVE-2023-4645 | Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai_ajax — Ad Inserter – Ad Manager & AdSense AdsCWE-862 | 5.3 | Medium | 2023-10-19 |
This page lists every published CVE security advisory associated with spacetime. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.