Browse all 6 CVE security advisories affecting TotalSuite. AI-powered Chinese analysis, POCs, and references for each vulnerability.
TotalSuite is a comprehensive business software suite providing integrated solutions for enterprise resource planning, customer relationship management, and project management. Historically, the platform has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its six recorded CVEs. Security researchers have identified authentication bypass weaknesses and insufficient input validation as recurring concerns. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests potential risks for organizations relying on the platform without proper hardening and timely patching.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-0677 | WordPress TotalContest Lite plugin <= 2.9.1 - PHP Object Injection vulnerability — TotalContest Lite (CWE-502) | 9.8 | - | 2026-03-20 |
| CVE-2025-23782 | WordPress TotalContest Lite Plugin <= 2.8.1 - Reflected Cross Site Scripting (XSS) vulnerability — TotalContest Lite (CWE-79) | 7.1 | High | 2025-04-17 |
This page lists every published CVE security advisory associated with TotalSuite. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.