Browse all 3 CVE security advisories affecting bompus. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Bompus serves as a web application framework primarily used for building dynamic content management systems. Historically, it has been susceptible to remote code execution vulnerabilities due to unsafe deserialization and improper input validation, along with cross-site scripting flaws through unfiltered user inputs. Privilege escalation vulnerabilities have also been documented, often stemming from weak access controls. The three CVEs associated with Bompus highlight consistent patterns of insecure coding practices, particularly in handling user-supplied data and session management. No major public security incidents have been reported, but the recurring nature of these vulnerabilities suggests a need for enhanced security testing and input sanitization within the framework's core functionality.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-14452 | WP Customer Reviews <= 3.7.5 - Reflected Cross-Site Scripting via 'wpcr3_fname' Parameter — WP Customer ReviewsCWE-79 | 7.2 | High | 2026-02-19 |
| CVE-2023-4686 | WP Customer Reviews <= 3.6.6 - Authenticated (Subscriber+) Sensitive Information Exposure — WP Customer ReviewsCWE-862 | 4.3 | Medium | 2023-11-22 |
| CVE-2023-4648 | WP Customer Reviews <= 3.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting — WP Customer ReviewsCWE-79 | 4.4 | Medium | 2023-10-20 |
This page lists every published CVE security advisory associated with bompus. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.