totalsoft — Vulnerabilities & Security Advisories (10)

Browse all 10 CVE security advisories affecting totalsoft. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Totalsoft develops enterprise resource planning (ERP) software for business process management. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and access control flaws. The company has addressed multiple critical security issues over time, with 10 CVEs documented to date. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in their applications highlights the importance of regular security assessments and prompt patching for organizations using their ERP solutions.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-25428 | WordPress TS Poll plugin <= 2.5.5 - Server Side Request Forgery (SSRF) vulnerability | TS Poll | CWE-918 | 4.4 | Medium | 2026-02-19 |
| CVE-2025-62098 | WordPress Portfolio Gallery plugin <= 1.4.8 - Broken Access Control vulnerability | Portfolio Gallery | CWE-862 | 5.4 | Medium | 2025-12-31 |
| CVE-2025-68588 | WordPress TS Poll plugin <= 2.5.5 - Broken Access Control vulnerability | TS Poll | CWE-862 | 4.3 | Medium | 2025-12-24 |
| CVE-2025-3470 | TS Poll – Survey, Versus Poll, Image Poll, Video Poll <= 2.4.6 - Authenticated (Administrator+) SQL Injection via 's' Parameter | TS Poll – Survey, Versus Poll, Image Poll, Video Poll | CWE-89 | 4.9 | Medium | 2025-04-15 |
| CVE-2025-22632 | WordPress WooCommerce Pricing – Product Pricing plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability | WooCommerce Pricing – Product Pricing | CWE-79 | 7.1 | High | 2025-02-23 |
| CVE-2024-10247 | YouTube Gallery and Vimeo Gallery Plugin <= 2.4.2 - Authenticated (Administrator+) SQL Injection | Video Gallery – YouTube Gallery, Vimeo, Video Portfolio, Image Portfolio and Image Gallery | CWE-89 | 7.2 | High | 2024-12-06 |
| CVE-2024-9769 | Video Gallery <= 2.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | Video Gallery – YouTube Gallery, Vimeo, Video Portfolio, Image Portfolio and Image Gallery | CWE-79 | 4.4 | Medium | 2024-12-06 |
| CVE-2024-9022 | TS Poll – Survey, Versus Poll, Image Poll, Video Poll <= 2.4.0 - Authenticated (Administrator+) SQL Injection via orderby Parameter | TS Poll – Survey, Versus Poll, Image Poll, Video Poll | CWE-89 | 7.2 | High | 2024-10-10 |
| CVE-2022-36390 | WordPress Event Calendar – Calendar plugin <= 1.4.6 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability | Event Calendar – Calendar (WordPress plugin) | CWE-79 | 4.1 | Medium | 2022-09-21 |
| CVE-2022-38067 | WordPress Event Calendar – Calendar plugin <= 1.4.6 - Unauthenticated Event Deletion vulnerability | Event Calendar – Calendar (WordPress plugin) | CWE-264 | 6.5 | Medium | 2022-09-09 |

This page lists every published CVE security advisory associated with totalsoft. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.