Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

stiofansisland — Vulnerabilities & Security Advisories 7

Browse all 7 CVE security advisories affecting stiofansisland. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Stiofansisland operates as a web-based platform primarily serving as a collaborative workspace for creative projects, with core functionality centered around content sharing and team management. Historically, the platform has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its seven recorded CVEs. Security assessments reveal consistent weaknesses in input validation and access control mechanisms. While no major public security incidents have been documented, the pattern of vulnerabilities suggests potential risks for organizations relying on the platform for sensitive collaborative work, particularly regarding unauthorized access and arbitrary code execution capabilities.

Top products by stiofansisland: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP
CVE IDTitleCVSSSeverityPublished
CVE-2026-4979 UsersWP <= 1.2.58 - Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter — UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WPCWE-918 5.0 Medium2026-04-11
CVE-2026-4977 UsersWP <= 1.2.58 - Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter — UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WPCWE-862 4.3 Medium2026-04-10
CVE-2026-5742 UsersWP <= 1.2.60 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User Badge Link Substitution — UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WPCWE-79 6.4 Medium2026-04-09
CVE-2025-10003 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP <= 1.2.44 - Authenticated (Subscriber+) SQL Injection — UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WPCWE-89 6.5 Medium2025-09-06
CVE-2025-9344 UsersWP <= 1.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting — UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WPCWE-79 6.4 Medium2025-08-28
CVE-2024-6265 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by' — UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WPCWE-89 9.8 Critical2024-06-29
CVE-2024-2423 UsersWP <= 1.2.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode — UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WPCWE-79 6.4 Medium2024-04-09

This page lists every published CVE security advisory associated with stiofansisland. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.