Premio — Vulnerabilities & Security Advisories (22)

Browse all 22 CVE security advisories affecting Premio. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Premio operates as a digital signage and content management platform, enabling enterprises to manage multimedia displays across distributed locations. Security audits have identified twenty-two Common Vulnerabilities and Exposures (CVEs) associated with the software, highlighting significant historical weaknesses in its architecture. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and Privilege Escalation flaws, often stemming from insufficient input validation and improper access controls within its web interface and API endpoints. These defects have allowed attackers to execute arbitrary commands, steal session cookies, or bypass authentication mechanisms, potentially leading to full system compromise. While specific major public incidents remain largely undocumented in open sources, the high volume of CVEs suggests a pattern of recurring security lapses in update cycles. Organizations utilizing this platform must prioritize patching and network segmentation to mitigate the risk of exploitation inherent in its legacy codebase.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-3657 | My Sticky Bar <= 2.8.6 - Unauthenticated SQL Injection via 'stickymenu_contact_lead_form' Action | My Sticky Bar – Floating Notification Bar & Sticky Header (formerly myStickymenu) | CWE-89 | 7.5 | High | 2026-03-12 |
| CVE-2026-27370 | WordPress Chaty plugin <= 3.5.1 - Sensitive Data Exposure vulnerability | Chaty | CWE-201 | 7.5 | High | 2026-03-05 |
| CVE-2025-12640 | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager <= 3.1.5 - Missing Authorization to Authenticated (Author+) Media Replacement | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | CWE-862 | 4.3 | Medium | 2026-01-08 |
| CVE-2025-14428 | My Sticky Elements <= 2.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Bulk Lead Deletion | All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs – My Sticky Elements | CWE-862 | 4.3 | Medium | 2026-01-01 |
| CVE-2025-68995 | WordPress My Sticky Elements plugin <= 2.3.3 - Broken Access Control vulnerability | My Sticky Elements | CWE-862 | 4.3 | Medium | 2025-12-30 |
| CVE-2025-67912 | WordPress Stars Testimonials plugin <= 3.3.4 - Cross Site Scripting (XSS) vulnerability | Stars Testimonials | CWE-79 | 6.5 | Medium | 2025-12-16 |
| CVE-2025-12971 | Folders <= 3.1.5 - Incorrect Authorization to Authenticated (Contributor+) Folder Content Manipulation | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | CWE-863 | 4.3 | Medium | 2025-11-27 |
| CVE-2025-1450 | Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp – Chaty <= 3.3.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty | CWE-79 | 6.4 | Medium | 2025-02-27 |
| CVE-2024-12204 | Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization | Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce | CWE-862 | 5.4 | Medium | 2025-01-11 |
| CVE-2024-12627 | Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization to Authenticated (Contributor+) PHP Object Injection | Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce | CWE-502 | 7.5 | High | 2025-01-11 |
| CVE-2023-51362 | WordPress myStickyElements plugin <= 2.1.3 - Broken Access Control vulnerability | My Sticky Elements | CWE-862 | 5.3 | Medium | 2024-12-09 |
| CVE-2024-11429 | Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials <= 3.3.3 - Authenticated (Contributor+) Local File Inclusion | Stars Testimonials — Responsive Reviews & Star Ratings | CWE-98 | 8.8 | High | 2024-12-05 |
| CVE-2024-8989 | Stars Testimonials <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via stars_testimonials Shortcode | Stars Testimonials — Responsive Reviews & Star Ratings | CWE-79 | 6.4 | Medium | 2024-10-01 |
| CVE-2024-7317 | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG File Upload | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | CWE-79 | 6.4 | Medium | 2024-08-06 |
| CVE-2024-2024 | Folders Pro <= 3.0.2 - Authenticated(Author+) Arbitrary File Upload via handle_folders_file_upload | Folders Pro | CWE-22 | 8.8 | High | 2024-06-14 |
| CVE-2024-2023 | Folders <= 3.0 and Folders Pro <= 3.0.2 - Directory Traversal via handle_folders_file_upload | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | CWE-22 | 4.3 | Medium | 2024-06-14 |
| CVE-2024-3868 | Folders Pro <= 3.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User First Name and Last Name | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | CWE-79 | 5.4 | Medium | 2024-05-04 |
| CVE-2023-7048 | My Sticky Bar <= 2.6.6 - Cross-Site Request Forgery to Sensitive Information Exposure | My Sticky Bar – Floating Notification Bar & Sticky Header (formerly myStickymenu) | CWE-352 | 3.1 | Low | 2024-01-11 |
| CVE-2023-40204 | WordPress Folders Plugin <= 2.9.2 is vulnerable to Arbitrary File Upload | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | CWE-434 | 9.1 | Critical | 2023-12-20 |
| CVE-2023-47759 | WordPress Chaty plugin <= 3.1.2 - Cross Site Scripting (XSS) vulnerability | Chaty | CWE-79 | 5.9 | Medium | 2023-11-22 |
| CVE-2023-25019 | WordPress Chaty Plugin <= 3.0.9 is vulnerable to Cross Site Scripting (XSS) | Chaty | CWE-79 | 7.1 | High | 2023-08-30 |
| CVE-2021-36846 | WordPress Chaty plugin <= 2.8.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | Chaty (WordPress plugin) | CWE-79 | 4.8 | Medium | 2022-04-11 |

This page lists every published CVE security advisory associated with Premio. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.