Browse all 3 CVE security advisories affecting Acato. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Acato provides enterprise resource planning (ERP) solutions for mid-sized businesses, streamlining operations across finance, inventory, and customer management. Historically, their systems have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and access control flaws. While no major public security incidents have been widely documented, the three CVEs associated with the platform highlight ongoing concerns about authentication bypass and insecure direct object references. Organizations implementing Acato should prioritize regular patching and harden configurations to mitigate risks, as the nature of their ERP functionality makes them attractive targets for attackers seeking access to sensitive business data.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25347 | WordPress WP REST Cache plugin <= 2026.1.0 - Cross Site Scripting (XSS) vulnerability — WP REST Cache (CWE-79) | 7.1 | High | 2026-03-25 |
| CVE-2025-52716 | WordPress WP REST Cache <= 2025.1.0 - Local File Inclusion Vulnerability — WP REST Cache (CWE-98) | 7.5 | High | 2025-08-14 |
| CVE-2023-28536 | WordPress Branded Social Images plugin <= 1.1.0 - Broken Access Control vulnerability — Branded Social Images (CWE-862) | 5.3 | Medium | 2024-12-09 |
This page lists every published CVE security advisory associated with Acato. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.