Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Softaculous — Vulnerabilities & Security Advisories 36

Browse all 36 CVE security advisories affecting Softaculous. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Softaculous:Page Builder: Pagelayer – Drag and Drop website builderBackuply – Backup, Restore, Migrate and CloneFileOrganizer – WordPress File ManagerSiteSEO – SEO SimplifiedWebuzoPageLayerLoginizerSpeedyCache – Cache, Optimization, PerformanceSpeedyCacheLoginizer Security
CVE IDTitleCVSSSeverityPublished
CVE-2026-2509 Page Builder: Pagelayer <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes — Page Builder: Pagelayer – Drag and Drop website builderCWE-79 6.4 Medium2026-04-08
CVE-2026-39469 WordPress PageLayer plugin <= 2.0.8 - Sensitive Data Exposure vulnerability — PageLayerCWE-497 7.5AIHighAI2026-04-08
CVE-2026-2442 Pagelayer <= 2.0.7 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via 'email' — Page Builder: Pagelayer – Drag and Drop website builderCWE-93 5.3 Medium2026-03-28
CVE-2025-13085 SiteSEO – SEO Simplified <= 1.3.2 - Insecure Direct Object Reference to Sensitive Post Meta Disclosure — SiteSEO – SEO SimplifiedCWE-285 4.3 Medium2025-11-19
CVE-2025-12814 SiteSEO – SEO Simplified <= 1.3.2 - Improper Authorization to Authenticated Settings Reset — SiteSEO – SEO SimplifiedCWE-285 5.3 Medium2025-11-19
CVE-2025-12366 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.5 - Authenticated (Author+) Insecure Direct Object Reference — Page Builder: Pagelayer – Drag and Drop website builderCWE-639 4.3 Medium2025-11-13
CVE-2025-12367 SiteSEO – SEO Simplified <= 1.3.1 - Missing Authorization to Authenticated (Author+) Plugin Settings Update — SiteSEO – SEO SimplifiedCWE-285 4.3 Medium2025-11-01
CVE-2025-10307 Backuply – Backup, Restore, Migrate and Clone <= 1.4.8 - Authenticated (Admin+) Arbitrary File Deletion — Backuply – Backup, Restore, Migrate and CloneCWE-22 6.5 Medium2025-09-26
CVE-2025-9277 SiteSEO – SEO Simplified <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Broken Regex Expression — SiteSEO – SEO SimplifiedCWE-79 6.4 Medium2025-08-26
CVE-2025-4223 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Reflected Cross-Site Scripting via login_url Parameter — Page Builder: Pagelayer – Drag and Drop website builderCWE-79 4.7 Medium2025-05-24
CVE-2024-13427 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Link — Page Builder: Pagelayer – Drag and Drop website builderCWE-79 6.4 Medium2025-05-24
CVE-2025-2104 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post Publication — Page Builder: Pagelayer – Drag and Drop website builderCWE-862 4.3 Medium2025-03-13
CVE-2024-13430 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Authenticated (Contributor+) Private Post Disclosure in pagelayer_builder_posts_shortcode — Page Builder: Pagelayer – Drag and Drop website builderCWE-284 4.3 Medium2025-03-12
CVE-2025-1926 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modification — Page Builder: Pagelayer – Drag and Drop website builderCWE-352 4.3 Medium2025-03-10
CVE-2025-24573 WordPress Pagelayer plugin <= 1.9.4 - Cross Site Scripting (XSS) vulnerability — PageLayerCWE-79 6.5 Medium2025-01-24
CVE-2023-49196 WordPress Pagelayer plugin <= 1.7.7 - Broken Access Control vulnerability — PageLayerCWE-862 4.3 Medium2024-12-09
CVE-2024-11010 FileOrganizer <= 1.1.4 - Authenticated (Administrator+) Local JavaScript File Inclusion — FileOrganizer – WordPress File ManagerCWE-22 7.2 High2024-12-07
CVE-2024-10097 Loginizer Security and Loginizer <= 1.9.2 - Authentication Bypass via WordPress.com OAuth provider — Loginizer SecurityCWE-287 8.1 High2024-11-05
CVE-2024-7985 FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload — FileOrganizer – WordPress File ManagerCWE-434 7.5 High2024-10-29
CVE-2024-8669 Backuply – Backup, Restore, Migrate and Clone <= 1.3.4 - Authenticated (Admin+) SQL Injection — Backuply – Backup, Restore, Migrate and CloneCWE-89 9.1 Critical2024-09-14
CVE-2024-43299 WordPress SpeedyCache plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability — SpeedyCacheCWE-352 5.4 Medium2024-08-26
CVE-2024-24622 Softaculous Webuzo Password Reset Command Injection — WebuzoCWE-78 8.8 High2024-07-25
CVE-2024-24623 Softaculous Webuzo FTP Management Command Injection — WebuzoCWE-78 8.8 High2024-07-25
CVE-2024-24621 Softaculous Webuzo Authentication Bypass — WebuzoCWE-697 9.8 Critical2024-07-25
CVE-2024-5599 FileOrganizer <= 1.0.7 - Sensitive Information Exposure via Directory Listing — FileOrganizer – WordPress File ManagerCWE-922 7.5 High2024-06-07
CVE-2024-2324 FileOrganizer and FileOrganizer Pro <= 1.0.6 - Authenticated Stored Cross-Site Scripting — FileOrganizer – WordPress File ManagerCWE-79 4.4 Medium2024-05-02
CVE-2024-2504 Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via custom attributes — Page Builder: Pagelayer – Drag and Drop website builderCWE-79 6.4 Medium2024-04-09
CVE-2024-2294 Backuply – Backup, Restore, Migrate and Clone <= 1.2.7 - Authenticated (Admin+) Directory Traversal — Backuply – Backup, Restore, Migrate and CloneCWE-22 4.9 Medium2024-03-16
CVE-2024-2127 Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes — Page Builder: Pagelayer – Drag and Drop website builderCWE-79 6.4 Medium2024-03-07
CVE-2024-1590 Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button — Page Builder: Pagelayer – Drag and Drop website builderCWE-79 4.6 Medium2024-02-23

This page lists every published CVE security advisory associated with Softaculous. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.