Browse all 4 CVE security advisories affecting FRESHFACE. AI-powered Chinese analysis, POCs, and references for each vulnerability.
FRESHFACE is a web application framework primarily used for building dynamic user interfaces and web applications. Historically, it has been susceptible to multiple vulnerability classes including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation, with four CVEs currently documented. The framework's security characteristics include regular updates to address discovered vulnerabilities, though its widespread adoption has made it a target for exploitation. No major public security incidents have been reported specifically targeting FRESHFACE, though its CVE history indicates consistent security challenges that require careful implementation and ongoing maintenance by developers using the platform.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-48096 | WordPress Custom CSS plugin <= 1.4.0 - Broken Access Control vulnerability — Custom CSSCWE-862 | 6.5 | Medium | 2025-10-22 |
| CVE-2025-26961 | WordPress Fresh Framework plugin <= 1.70.0 - Unauthenticated Broken Access Control vulnerability — Fresh FrameworkCWE-862 | 8.6 | High | 2025-03-15 |
| CVE-2025-26936 | WordPress Fresh Framework plugin <= 1.70.0 - Unauthenticated Remote Code Execution (RCE) vulnerability — Fresh FrameworkCWE-94 | 10.0 | Critical | 2025-03-10 |
| CVE-2025-26970 | WordPress Ark Theme Core plugin < 1.71.0 - Unauthenticated Remote Code Execution (RCE) vulnerability — Ark Theme CoreCWE-94 | 10.0 | Critical | 2025-03-03 |
This page lists every published CVE security advisory associated with FRESHFACE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.