Browse all 5 CVE security advisories affecting Kleor. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Kleor is a software platform primarily used for enterprise content management and workflow automation. Historically, Kleor has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its five recorded CVEs. The platform's security characteristics include complex authentication mechanisms that have previously been bypassed, and its extensive API surface has contributed to recurring injection-based vulnerabilities. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in input validation and access control suggests ongoing challenges in secure development practices for this enterprise solution.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32517 | WordPress Contact Manager plugin <= 9.1 - Reflected Cross Site Scripting (XSS) vulnerability — Contact Manager (CWE-79) | 7.1 | High | 2026-03-25 |
| CVE-2025-68853 | WordPress Contact Manager plugin <= 9.1.1 - PHP Object Injection vulnerability — Contact Manager (CWE-502) | 8.8 | High | 2026-02-20 |
| CVE-2025-9519 | Easy Timer <= 4.2.1 - Authenticated (Editor+) Remote Code Execution via Shortcode — Easy Timer (CWE-94) | 7.2 | High | 2025-09-04 |
| CVE-2025-8783 | Contact Manager <= 8.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'title' — Contact Manager (CWE-79) | 4.4 | Medium | 2025-08-19 |
| CVE-2025-1028 | Contact Manager <= 8.6.4 - Unauthenticated Arbitrary Double File Extension Upload — Contact Manager (CWE-434) | 8.1 | High | 2025-02-05 |
This page lists every published CVE security advisory associated with Kleor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.