Browse all 3 CVE security advisories affecting POEditor. AI-powered Chinese analysis, POCs, and references for each vulnerability.
POEditor is a cloud-based localization platform enabling teams to manage translations and software localization workflows. Historically, the platform has been susceptible to cross-site scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into web pages viewed by users. Additionally, remote code execution (RCE) flaws have been identified in certain versions, potentially enabling unauthorized system access. While no major public security incidents have been widely reported, the three CVEs on record highlight consistent risks in input validation and access control. The platform's web interface and API endpoints remain primary attack surfaces, with privilege escalation vulnerabilities occasionally discovered in administrative functions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-49237 | WordPress POEditor plugin <= 0.9.10 - CSRF to Arbitrary File Deletion vulnerability — POEditorCWE-352 | 7.4 | High | 2025-06-06 |
| CVE-2024-32453 | WordPress POEditor plugin <= 0.9.8 - Cross Site Scripting (XSS) vulnerability — POEditorCWE-79 | 5.9 | Medium | 2024-04-15 |
| CVE-2023-32091 | WordPress POEditor Plugin <= 0.9.4 is vulnerable to Cross Site Request Forgery (CSRF) — POEditorCWE-352 | 5.4 | Medium | 2023-10-03 |
This page lists every published CVE security advisory associated with POEditor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.