acurax CVE Vulnerabilities & Metrics

Focus on acurax vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About acurax Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with acurax. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total acurax CVEs: 5
Earliest CVE date: 27 Jan 2018, 17:29 UTC
Latest CVE date: 10 Jun 2024, 17:16 UTC

Latest CVE reference: CVE-2024-35749

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -50.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -50.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical acurax CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.06

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	4
4.0-6.9	1
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS acurax CVEs

These are the five CVEs with the highest CVSS scores for acurax, sorted by severity first and recency.

CVE-2018-6357 acurax Published on 27 Jan 2018, 17:29 UTC (CVSS: 6.8)
The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS.
CVE-2021-36843 acurax Published on 26 Nov 2021, 17:15 UTC (CVSS: 3.5)
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. Requires high role user like admin.
CVE-2024-35749 acurax Published on 10 Jun 2024, 17:16 UTC (CVSS: 0)
Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass.This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through 2.6.
CVE-2023-6922 acurax Published on 28 Feb 2024, 09:15 UTC (CVSS: 0)
The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acx_csma_subscribe_ajax' function. This can allow authenticated attackers to extract sensitive data such as names and email addresses of subscribed visitors.
CVE-2023-39926 acurax Published on 16 Nov 2023, 20:15 UTC (CVSS: 0)
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Acurax Under Construction / Maintenance Mode from Acurax plugin <= 2.6 versions.

All CVEs for acurax

CVE-2024-35749 acurax vulnerability CVSS: 0 10 Jun 2024, 17:16 UTC

Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass.This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through 2.6.

CVE-2023-6922 acurax vulnerability CVSS: 0 28 Feb 2024, 09:15 UTC

The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acx_csma_subscribe_ajax' function. This can allow authenticated attackers to extract sensitive data such as names and email addresses of subscribed visitors.

CVE-2023-39926 acurax vulnerability CVSS: 0 16 Nov 2023, 20:15 UTC

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Acurax Under Construction / Maintenance Mode from Acurax plugin <= 2.6 versions.

CVE-2021-36843 acurax vulnerability CVSS: 3.5 26 Nov 2021, 17:15 UTC

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. Requires high role user like admin.

CVE-2018-6357 acurax vulnerability CVSS: 6.8 27 Jan 2018, 17:29 UTC

The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS.