Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

zealopensource — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting zealopensource. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Zealopensource develops open-source software primarily used for web application development and API management. Historically, their products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, with eight CVEs documented to date. While no major security incidents have been widely reported, the consistent pattern of vulnerabilities in their core functionality suggests potential risks for organizations relying on their tools. Their codebase often contains insufficient input validation and access controls, which could lead to unauthorized system compromise. Users are advised to maintain current patch levels and implement additional security controls when deploying Zealopensource solutions in production environments.

Top products by zealopensource: Generate PDF using Contact Form 7 Accept Stripe Payments Using Contact Form 7 Accept Authorize.NET Payments Using Contact Form 7 Accept SagePay Payments Using Contact Form 7 User Registration Using Contact Form 7 Smart Appointment & Booking
CVE IDTitleCVSSSeverityPublished
CVE-2026-0742 Smart Appointment & Booking <= 1.0.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via saab_save_form_data AJAX Action — Smart Appointment & BookingCWE-79 6.4 Medium2026-02-04
CVE-2025-12825 User Registration Using Contact Form 7 <= 2.5 - Authenticated (Subscriber+) Information Exposure — User Registration Using Contact Form 7CWE-862 5.3 Medium2026-01-17
CVE-2025-12834 Accept Stripe Payments Using Contact Form 7 <= 3.1 - Reflected Cross-Site Scripting via failure_message — Accept Stripe Payments Using Contact Form 7CWE-79 6.1 Medium2025-12-12
CVE-2025-2883 Accept SagePay Payments Using Contact Form 7 <= 2.0 - Unauthenticated Information Exposure — Accept SagePay Payments Using Contact Form 7CWE-200 5.3 Medium2025-04-08
CVE-2024-12250 Accept Authorize.NET Payments Using Contact Form 7 <= 2.2 - Unauthenticated Information Exposure — Accept Authorize.NET Payments Using Contact Form 7CWE-200 5.3 Medium2024-12-18
CVE-2024-12255 Accept Stripe Payments Using Contact Form 7 <= 2.5 - Unauthenticated Information Exposure — Accept Stripe Payments Using Contact Form 7CWE-200 5.3 Medium2024-12-12
CVE-2024-6316 Generate PDF using Contact Form 7 <= 4.1.2 - Cross-Site Request Forgery to Arbitrary File Upload — Generate PDF using Contact Form 7CWE-352 8.8 High2024-07-09
CVE-2024-6317 Generate PDF using Contact Form 7 <= 4.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion — Generate PDF using Contact Form 7CWE-352 8.8 High2024-07-09

This page lists every published CVE security advisory associated with zealopensource. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.