Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CreativeMindsSolutions — Vulnerabilities & Security Advisories 28

Browse all 28 CVE security advisories affecting CreativeMindsSolutions. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CreativeMindsSolutions operates as a software development firm specializing in enterprise resource planning and customer relationship management platforms. Historical security audits reveal a pattern of critical vulnerabilities, primarily involving remote code execution and cross-site scripting, which have resulted in 28 recorded Common Vulnerabilities and Exposures. These flaws often stem from insufficient input validation and improper access controls within their web-based interfaces. While no major public data breaches have been widely reported, the high volume of disclosed CVEs indicates systemic weaknesses in their secure development lifecycle. The organization has faced scrutiny for delayed patching cycles, allowing attackers to exploit known issues for extended periods. Security researchers note that privilege escalation vulnerabilities further compound the risk, potentially granting unauthorized users administrative access to sensitive corporate data. Continuous monitoring and rigorous code review processes are essential to mitigate these persistent threats and restore trust in their infrastructure.

Top products by CreativeMindsSolutions: CM On Demand Search And Replace CM Answers CM Tooltip Glossary CM Custom Reports – Flexible reporting to track what matters most CM Map Locations CM Pop-Up banners CM Header and Footer – Add custom scripts and styles to your header and footer with ease CM FAQ – Simplify support with an intuitive FAQ management tool CM Download Manager CM Header and Footer CM Registration and Invitation Codes CM Ad Changer CM Business Directory – Optimise and showcase local business CM Registration – Tailored tool for seamless login and invitation-based registrations CM E-Mail Blacklist – Simple email filtering for safer registration CM Business Directory CM Popup Plugin for WordPress
CVE IDTitleCVSSSeverityPublished
CVE-2026-2432 CM Custom Reports <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Labels — CM Custom Reports – Flexible reporting to track what matters mostCWE-79 4.4 Medium2026-03-20
CVE-2026-2431 CM Custom Reports <= 1.2.7 - Reflected Cross-Site Scripting via 'date_from' and 'date_to' Parameters — CM Custom Reports – Flexible reporting to track what matters mostCWE-79 6.1 Medium2026-03-07
CVE-2026-25004 WordPress CM Business Directory plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability — CM Business DirectoryCWE-79 5.9 Medium2026-02-19
CVE-2026-0691 CM E-Mail Blacklist <= 1.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'black_email' Parameter — CM E-Mail Blacklist – Simple email filtering for safer registrationCWE-79 4.4 Medium2026-01-17
CVE-2025-54045 WordPress CM On Demand Search And Replace plugin <= 1.5.5 - Broken Access Control vulnerability — CM On Demand Search And ReplaceCWE-862 4.3 Medium2025-12-16
CVE-2025-11167 CM Registration – Tailored tool for seamless login and invitation-based registrations <= 2.5.6 - Open Redirect — CM Registration – Tailored tool for seamless login and invitation-based registrationsCWE-601 4.7 Medium2025-10-11
CVE-2025-10178 CM Business Directory <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — CM Business Directory – Optimise and showcase local businessCWE-79 6.4 Medium2025-09-26
CVE-2025-48151 WordPress CM Map Locations <= 2.1.6 - Cross Site Scripting (XSS) Vulnerability — CM Map LocationsCWE-79 7.1 High2025-08-20
CVE-2025-54727 WordPress CM On Demand Search And Replace Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability — CM On Demand Search And ReplaceCWE-79 5.9 Medium2025-08-14
CVE-2025-54728 WordPress CM On Demand Search And Replace Plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) Vulnerability — CM On Demand Search And ReplaceCWE-352 4.3 Medium2025-08-14
CVE-2025-54018 WordPress CM Pop-Up banners plugin <= 1.8.4 - Broken Access Control Vulnerability — CM Pop-Up bannersCWE-862 4.3 Medium2025-07-16
CVE-2025-46245 WordPress CM Ad Changer plugin <= 2.0.5 - Cross Site Request Forgery (CSRF) Vulnerability — CM Ad ChangerCWE-352 4.3 Medium2025-04-22
CVE-2025-46246 WordPress CM Answers plugin <= 3.3.3 - Cross Site Request Forgery (CSRF) Vulnerability — CM AnswersCWE-352 4.3 Medium2025-04-22
CVE-2025-32210 WordPress CM Registration and Invitation Codes plugin <= 2.5.6 - Broken Access Control vulnerability — CM Registration and Invitation CodesCWE-862 6.5 Medium2025-04-10
CVE-2025-31091 WordPress CM Header and Footer plugin <= 1.2.4 - Cross Site Scripting (XSS) Vulnerability — CM Header and FooterCWE-79 6.5 Medium2025-04-03
CVE-2025-30910 WordPress CM Download Manager plugin <= 2.9.6 - Arbitrary File Deletion vulnerability — CM Download ManagerCWE-22 8.6 High2025-04-01
CVE-2025-2166 CM FAQ – Simplify support with an intuitive FAQ management tool <= 1.2.5 - Reflected Cross-Site Scripting — CM FAQ – Simplify support with an intuitive FAQ management toolCWE-79 6.1 Medium2025-03-14
CVE-2025-24758 WordPress CM Map Locations plugin <= 2.0.8 - Reflected Cross Site Scripting (XSS) vulnerability — CM Map LocationsCWE-79 7.1 High2025-03-03
CVE-2025-24694 WordPress CM Pop-Up Banners plugin <= 1.7.6 - Reflected Cross Site Scripting (XSS) vulnerability — CM Pop-Up bannersCWE-79 7.1 High2025-03-03
CVE-2024-54267 WordPress CM Answers plugin <= 3.2.6 - Broken Access Control vulnerability — CM AnswersCWE-862 4.3 Medium2024-12-13
CVE-2024-11202 Multiple Plugins <= (Various Versions) - Reflected Cross-Site Scripting via cminds_free_guide Shortcode — CM Header and Footer – Add custom scripts and styles to your header and footer with easeCWE-79 6.1 Medium2024-11-26
CVE-2024-48041 WordPress CM Tooltip Glossary plugin <= 4.3.9 - Stored Cross-Site Scripting vulnerability — CM Tooltip GlossaryCWE-79 6.5 Medium2024-10-11
CVE-2024-43149 WordPress CM Tooltip Glossary Plugin <= 4.3.7 - Cross Site Scripting (XSS) vulnerability — CM Tooltip GlossaryCWE-79 6.5 Medium2024-08-12
CVE-2024-4086 CM Tooltip Glossary – Powerful Glossary Plugin <= 4.2.11 - Cross-Site Request Forgery — CM Tooltip GlossaryCWE-352 4.3 Medium2024-05-02
CVE-2023-30750 WordPress CM Pop-Up banners Plugin <= 1.5.10 is vulnerable to SQL Injection — CM Popup Plugin for WordPressCWE-89 8.5 High2023-12-20
CVE-2023-28749 WordPress CM On Demand Search And Replace Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF) — CM On Demand Search And ReplaceCWE-352 4.3 Medium2023-11-22
CVE-2023-31228 WordPress CM On Demand Search And Replace Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS) — CM On Demand Search And ReplaceCWE-79 5.9 Medium2023-08-18
CVE-2023-25992 WordPress CM Answers Plugin <= 3.1.9 is vulnerable to Cross Site Scripting (XSS) — CM AnswersCWE-79 5.9 Medium2023-03-23

This page lists every published CVE security advisory associated with CreativeMindsSolutions. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.