Browse all 3 CVE security advisories affecting Arefly. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Arefly is a web application framework primarily used for developing content management systems and dynamic websites. Historically, it has been associated with vulnerabilities including remote code execution, cross-site scripting (XSS), and privilege escalation, often stemming from insufficient input validation and insecure default configurations. The framework has recorded three CVEs, with notable security concerns including improper access controls and insecure session management. While no major public security incidents have been widely documented, the consistent presence of multiple CVEs suggests ongoing challenges in secure coding practices. Users are advised to implement strict input sanitization and maintain regular updates to mitigate potential exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-31454 | WordPress Delete Post Revision plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability — Delete Post RevisionCWE-79 | 7.1 | High | 2025-04-01 |
| CVE-2025-30575 | WordPress Login Redirect plugin <= - 1.0.5 Cross Site Scripting (XSS) Vulnerability — Login RedirectCWE-79 | 5.9 | Medium | 2025-03-24 |
| CVE-2025-22579 | WordPress WP Header Notification plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability — WP Header NotificationCWE-79 | 5.9 | Medium | 2025-01-07 |
This page lists every published CVE security advisory associated with Arefly. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.