Browse all 3 CVE security advisories affecting addonsorg. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2026-5364 | Drag and Drop File Upload for Contact Form 7 <= 1.1.3 - Unauthenticated Arbitrary File Upload via sanitize_file_name Bypass — Drag and Drop File Upload for Contact Form 7CWE-434 | 8.1 | High | 2026-04-24 |
| CVE-2025-14074 | PDF for Contact Form 7 + Drag and Drop Template Builder <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication — PDF for Contact Form 7 + Drag and Drop Template BuilderCWE-862 | 4.3 | Medium | 2025-12-12 |
| CVE-2024-12593 | PDF for WPForms + Drag and Drop Template Builder <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yeepdf_dotab Shortcode — PDF for WPForms + Drag and Drop Template BuilderCWE-79 | 6.4 | Medium | 2025-01-15 |
This page lists every published CVE security advisory associated with addonsorg. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.