Browse all 6 CVE security advisories affecting CoSchedule. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CoSchedule is a marketing calendar and project management platform designed to streamline content creation and team collaboration. Historically, the platform has been susceptible to various vulnerabilities including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, often stemming from improper input validation and access control issues. While no major public security incidents have been widely reported, the six CVEs on record highlight recurring concerns around sanitization and permission management. The platform's web-based nature and integration with multiple third-party services create potential attack surfaces that require continuous security monitoring and patch management to maintain user data integrity and system availability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-49913 | WordPress CoSchedule plugin <= 3.4.0 - Broken Access Control vulnerability — CoSchedule (CWE-862) | 5.3 | Medium | 2025-10-22 |
| CVE-2025-60119 | WordPress CoSchedule Plugin <= 3.3.11 - Sensitive Data Exposure Vulnerability — CoSchedule (CWE-497) | 5.3 | Medium | 2025-09-26 |
| CVE-2022-47165 | WordPress CoSchedule Plugin <= 3.3.8 is vulnerable to Cross Site Request Forgery (CSRF) — CoSchedule (CWE-352) | 4.3 | Medium | 2023-05-25 |
This page lists every published CVE security advisory associated with CoSchedule. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.