Browse all 4 CVE security advisories affecting CreativeWS. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CreativeWS develops web-based creative collaboration tools used by design teams globally. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and access control flaws. The company has addressed four CVEs to date, with notable issues including an RCE vulnerability in their file upload component and an XSS flaw in their comment system. While no major public security incidents have been reported, their vulnerability history suggests a pattern of insufficient input sanitization and inadequate session management, requiring ongoing security improvements to protect user data and maintain system integrity.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32505 | WordPress Kiddy theme <= 2.0.8 - Local File Inclusion vulnerability — KiddyCWE-98 | 8.1 | High | 2026-03-25 |
| CVE-2026-32504 | WordPress VintWood theme <= 1.1.8 - Local File Inclusion vulnerability — VintWoodCWE-98 | 8.1 | High | 2026-03-25 |
| CVE-2026-32500 | WordPress MetaMax theme <= 1.1.4 - Local File Inclusion vulnerability — MetaMaxCWE-98 | 8.1 | High | 2026-03-25 |
| CVE-2026-32503 | WordPress Trendustry theme <= 1.1.4 - Local File Inclusion vulnerability — TrendustryCWE-98 | 8.1 | High | 2026-03-25 |
This page lists every published CVE security advisory associated with CreativeWS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.