VYPR
Vendor: Codecanyon

Products: 9
CVEs: 13
Across products: 13
Status: Private

Recent CVEs (13)
  • CVE-2026-4038 | Cri | Mar 20, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomatic_call_ai_function_realtime' function in all versions up to, and including, 2.7.5. This makes it possible for…

  • CVE-2026-7783 | Med | May 5, 2026
    risk 0.41 | cvss 6.3 | epss 0.00

    A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component Admin Kanban Endpoint. This manipulation of the argument this causes sql…

  • CVE-2026-7782 | Med | May 4, 2026
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be…

  • CVE-2025-11304 | Med | Oct 5, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability is an unknown functionality of the component API. Executing manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The…

  • CVE-2019-25739 | Med | Jun 4, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers can craft XSS payloads in the create_proposal endpoint that execute when…

  • CVE-2023-4407 | Aug 18, 2023
    risk 0.03 | cvss | epss 0.01

    A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/account_statement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to…

  • CVE-2014-8954 | Nov 17, 2014
    risk 0.03 | cvss | epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.php.

  • CVE-2025-3219 | Apr 4, 2025
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in CodeCanyon Perfex CRM 3.2.1. It has been classified as problematic. Affected is an unknown function of the file /perfex/clients/project/2 of the component Project Discussions Module. The manipulation of the argument description leads to cross site…

  • CVE-2025-2974 | Mar 31, 2025
    risk 0.00 | cvss | epss 0.00

    A vulnerability has been found in CodeCanyon Perfex CRM up to 3.2.1 and classified as problematic. This vulnerability affects unknown code of the file /contract of the component Contracts. The manipulation of the argument content leads to cross site scripting. The attack can be…

  • CVE-2024-9031 | Sep 20, 2024
    risk 0.00 | cvss | epss 0.00

    A vulnerability, which was classified as problematic, has been found in CodeCanyon CRMGo SaaS up to 7.2. This issue affects some unknown processing of the file /project/task/{task_id}/show. The manipulation of the argument comment leads to cross site scripting. The attack may be…

  • CVE-2024-9030 | Sep 20, 2024
    risk 0.00 | cvss | epss 0.00

    A vulnerability classified as problematic was found in CodeCanyon CRMGo SaaS 7.2. This vulnerability affects unknown code of the file /deal/{note_id}/note. The manipulation of the argument notes leads to cross site scripting. The attack can be initiated remotely. The exploit has…

  • CVE-2023-3787 | Jul 20, 2023
    risk 0.00 | cvss | epss 0.01

    A vulnerability classified as problematic was found in Codecanyon Tiva Events Calender 1.4. This vulnerability affects unknown code. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the…

  • CVE-2020-22550 | Jan 4, 2021
    risk 0.00 | cvss | epss 0.02

    Veno File Manager 3.5.6 is affected by a directory traversal vulnerability. Using the traversal allows an attacker to download sensitive files from the server.