Browse all 3 CVE security advisories affecting Alex. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Alex primarily serves as a web application framework used for building dynamic content management systems. Historically, Alex has been associated with vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with three CVEs currently documented. The framework's modular architecture has introduced security challenges through third-party extensions. Notable characteristics include its extensive use of templating engines which have previously led to injection vulnerabilities, while its permission system has been susceptible to misconfiguration flaws. No major public security incidents have been reported, though the consistent pattern of vulnerabilities in common web security categories suggests ongoing need for careful implementation and regular security updates.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-58011 | WordPress Content Mask plugin <= 1.8.5.2 - Server Side Request Forgery (SSRF) vulnerability — Content MaskCWE-918 | 6.4 | Medium | 2025-09-22 |
| CVE-2025-58012 | WordPress Content Mask plugin <= 1.8.5.3 - Insecure Direct Object References (IDOR) vulnerability — Content MaskCWE-639 | 3.8 | Low | 2025-09-22 |
| CVE-2024-47643 | WordPress Include Fussball.de Widgets plugin <= 4.0.0 - Cross Site Scripting (XSS) vulnerability — Include Fussball.de WidgetsCWE-79 | 6.5 | Medium | 2024-10-05 |
This page lists every published CVE security advisory associated with Alex. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.