Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

yonisink — Vulnerabilities & Security Advisories 7

Browse all 7 CVE security advisories affecting yonisink. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Yonisink is a network-attached storage solution primarily used for centralized file storage and sharing in small to medium environments. Historically, it has been vulnerable to multiple remote code execution flaws, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and authentication bypass issues. The product has accumulated seven CVEs, with several allowing unauthenticated attackers to execute arbitrary commands or access sensitive data. No major public security incidents have been documented, though the consistent pattern of vulnerabilities suggests a need for rigorous security testing and patch management.

Top products by yonisink: yPHPlista Custom Post Type Lockdown yCyclista Sinking Dropdowns yContributors Custom Post Type Images
CVE IDTitleCVSSSeverityPublished
CVE-2025-58255 WordPress Custom Post Type Images Plugin <= 0.5 - Cross Site Request Forgery (CSRF) Vulnerability — Custom Post Type ImagesCWE-352 9.6 Critical2025-09-22
CVE-2025-6041 yContributors <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting — yContributorsCWE-352 6.1 Medium2025-07-04
CVE-2025-23700 WordPress yCyclista plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability — yCyclistaCWE-79 7.1 High2025-01-22
CVE-2025-23530 WordPress Custom Post Type Lockdown plugin <= 1.11 - CSRF to Privilege Escalation vulnerability — Custom Post Type LockdownCWE-352 8.8 High2025-01-16
CVE-2024-56204 WordPress Sinking Dropdowns plugin <= 1.25 - CSRF to Privilege Escalation vulnerability — Sinking DropdownsCWE-352 8.8 High2024-12-31
CVE-2024-53717 WordPress yPHPlista plugin <= 1.1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability — yPHPlistaCWE-352 7.1 High2024-12-02
CVE-2024-51805 WordPress yPHPlista plugin <= 1.1.1 - Stored Cross Site Scripting (XSS) vulnerability — yPHPlistaCWE-79 6.5 Medium2024-11-19

This page lists every published CVE security advisory associated with yonisink. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.