Browse all 4 CVE security advisories affecting VanKarWai. AI-powered Chinese analysis, POCs, and references for each vulnerability.
VanKarWai primarily develops web applications and content management systems, serving businesses requiring customizable digital platforms. Historically, the organization's products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and access control flaws. While no major public security incidents have been documented, the four CVEs associated with VanKarWai highlight recurring issues in sanitizing user-supplied data and managing authentication mechanisms. Their security posture reflects common challenges in web application development, emphasizing the need for rigorous input handling and secure session management to mitigate exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27343 | WordPress Airtifact theme <= 1.2.91 - Local File Inclusion vulnerability — AirtifactCWE-98 | 7.5 | High | 2026-02-19 |
| CVE-2025-67921 | WordPress Lobo theme < 2.8.6 - SQL Injection vulnerability — LoboCWE-89 | 8.5 | High | 2026-01-08 |
| CVE-2025-69342 | WordPress Calafate theme <= 1.7.7 - Local File Inclusion vulnerability — CalafateCWE-98 | 7.5 | High | 2026-01-06 |
| CVE-2025-66527 | WordPress Lobo theme <= 2.8.6 - Broken Access Control vulnerability — LoboCWE-862 | 4.3 | Medium | 2025-12-09 |
This page lists every published CVE security advisory associated with VanKarWai. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.