All 7 CVE vulnerabilities found in KiotViet Sync, with AI-generated Chinese analysis, references, and POCs.
Vendor: Kiotviet

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-12675 | KiotViet Sync <= 1.8.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update | CWE-862 | 4.3 | Medium | 2025-11-05 |
| CVE-2025-12676 | KiotViet Sync <= 1.8.5 - Use of Hard-coded Password to Authorization Bypass | CWE-259 | 5.3 | Medium | 2025-11-05 |
| CVE-2025-12674 | KiotViet Sync <= 1.8.5 - Unauthenticated Arbitrary File Upload | CWE-434 | 9.8 | Critical | 2025-11-05 |
| CVE-2025-12677 | KiotViet Sync <= 1.8.5 - Unauthenticated Webhook Key Exposure | CWE-200 | 5.3 | Medium | 2025-11-05 |
| CVE-2025-62978 | WordPress KiotViet Sync plugin <= 1.8.5 - Broken Access Control vulnerability | CWE-862 | 4.3 | Medium | 2025-10-27 |
| CVE-2025-39381 | WordPress KiotViet Sync plugin <= 1.8.5 - CSRF to Stored XSS vulnerability | CWE-352 | 7.1 | High | 2025-04-24 |
| CVE-2025-32573 | WordPress KiotViet Sync Plugin <= 1.8.4 - SQL Injection vulnerability | CWE-89 | 8.5 | High | 2025-04-17 |
