Wang.market Wangmarket — known CVE vulnerabilities
Every CVE whose affected-product data names Wang.market Wangmarket, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2023-26813 — CVSS 9.8 (critical): SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS…
CVE-2025-25769 — CVSS 8.0 (high): Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /controller/UserController.java.
CVE-2025-25770 — CVSS 6.8 (medium): Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /agency/AgencyUserController.java.
CVE-2025-15415 — CVSS 4.7 (medium): A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file…
CVE-2023-6886 — CVSS 4.7 (medium): A vulnerability was found in xnx3 wangmarket 6.1. It has been rated as critical. Affected by this issue is some unknown functionality of…
CVE-2025-15416 — CVSS 2.4 (low): A vulnerability was found in xnx3 wangmarket up to 6.4. This affects an unknown function of the file /siteVar/save.do of the component Add…
CVE-2025-15451 — CVSS 2.4 (low): A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file…
CVE-2025-15452 — CVSS 2.4 (low): A weakness has been identified in xnx3 wangmarket up to 4.9. This affects the function variableList of the file /admin/system/variableList.d…