Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

VowelWeb — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting VowelWeb. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Vowelweb is a web application framework primarily used for building dynamic websites and web services. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its 15 recorded CVEs. The framework's security posture has been characterized by inconsistent input validation and insufficient access controls in earlier versions. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities across multiple CVEs suggests ongoing challenges in secure coding practices. Recent versions have shown improved security, but legacy deployments may remain vulnerable to exploitation.

Top products by VowelWeb: Ibtana – WordPress Website Builder Ibtana VW Automobile Lite VW Storefront Industrial Lite Sirat VW Pet Shop VW Portfolio VW Education Lite VW School Education VW Fitness VW Photography
CVE IDTitleCVSSSeverityPublished
CVE-2026-1834 Ibtana - WordPress Website Builder <= 1.2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Ibtana – WordPress Website BuilderCWE-80 6.4 Medium2026-03-31
CVE-2026-32435 WordPress VW Pet Shop theme <= 1.4.7 - Broken Access Control vulnerability — VW Pet ShopCWE-862 5.3 Medium2026-03-13
CVE-2026-32437 WordPress VW Portfolio theme <= 1.3.3 - Broken Access Control vulnerability — VW PortfolioCWE-862 5.3 Medium2026-03-13
CVE-2026-32438 WordPress VW School Education theme <= 1.4.6 - Broken Access Control vulnerability — VW School EducationCWE-862 5.3 Medium2026-03-13
CVE-2026-32434 WordPress VW Fitness theme <= 4.3.4 - Broken Access Control vulnerability — VW FitnessCWE-862 5.3 Medium2026-03-13
CVE-2026-32436 WordPress VW Photography theme <= 1.3.8 - Broken Access Control vulnerability — VW PhotographyCWE-862 5.3 Medium2026-03-13
CVE-2026-32427 WordPress VW Education Lite plugin <= 2.2.0 - Broken Access Control vulnerability — VW Education LiteCWE-862 5.3 Medium2026-03-13
CVE-2025-39385 WordPress Sirat theme <= 1.5.1 - Broken Access Control vulnerability — SiratCWE-862 4.3 Medium2025-04-24
CVE-2025-26955 WordPress Industrial Lite theme <= 1.0.8 - Broken Access Control vulnerability — Industrial LiteCWE-862 4.3 Medium2025-04-15
CVE-2024-13686 VW Storefront <= 0.9.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset — VW StorefrontCWE-862 4.3 Medium2025-03-04
CVE-2024-56234 WordPress VW Automobile Lite theme <= 2.1 - Broken Access Control vulnerability — VW Automobile LiteCWE-862 5.4 Medium2024-12-31
CVE-2024-37123 WordPress Ibtana – WordPress Website Builder plugin <= 1.2.3.3 - Broken Access Control vulnerability — IbtanaCWE-862 5.3 Medium2024-11-01
CVE-2024-8282 Ibtana – WordPress Website Builder <= 1.2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute — Ibtana – WordPress Website BuilderCWE-79 6.4 Medium2024-10-02
CVE-2024-5541 Ibtana - WordPress Website Builder <= 1.2.3.3 - Unauthenticated reCAPTCHA Settings Update — Ibtana – WordPress Website BuilderCWE-862 5.3 Medium2024-06-18
CVE-2023-6684 Ibtana – WordPress Website Builder <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Ibtana – WordPress Website BuilderCWE-79 6.4 Medium2024-01-11

This page lists every published CVE security advisory associated with VowelWeb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.