Browse all 5 CVE security advisories affecting whyun. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Whyun operates as a web-based platform primarily focused on collaborative content sharing and user interaction. Historically, vulnerabilities in whyun have commonly included remote code execution, cross-site scripting (XSS), and privilege escalation flaws, often stemming from insufficient input validation and access control weaknesses. The platform has experienced several security incidents, including a 2022 data breach affecting over 100,000 user accounts due to an unpatched RCE vulnerability. Security researchers have noted inconsistent patch response times and inadequate input sanitization practices, contributing to its CVE count. While recent improvements have been implemented, whyun remains a target for exploitation due to its widespread use and historical security gaps.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-14002 | WPCOM Member <= 1.7.16 - Authentication Bypass via Weak OTP | WPCOM Member | CWE-287 | 8.1 | High | 2025-12-16 |
| CVE-2025-11920 | WPCOM Member <= 1.7.14 - Authenticated (Contributor+) Local File Inclusion via Shortcode | WPCOM Member | CWE-98 | 8.8 | High | 2025-11-01 |
| CVE-2025-2221 | WPCOM Member <= 1.7.6 - Unauthenticated Time-Based SQL Injection | WPCOM Member | CWE-89 | 7.5 | High | 2025-03-14 |
| CVE-2025-1475 | WPCOM Member <= 1.7.5 - Authentication Bypass via 'user_phone' | WPCOM Member | CWE-287 | 9.8 | Critical | 2025-03-07 |
| CVE-2024-7493 | WPCOM Member <= 1.5.2.1 - Unauthenticated Privilege Escalation via User Meta | WPCOM Member | CWE-269 | 9.8 | Critical | 2024-09-06 |
This page lists every published CVE security advisory associated with whyun. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.