Browse all 4 CVE security advisories affecting cmsMinds. AI-powered Chinese analysis, POCs, and references for each vulnerability.
cmsMinds develops content management systems primarily for small to medium businesses. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and access control flaws. While no major public security incidents have been widely documented, the four CVEs associated with their products highlight recurring security weaknesses in their core functionality. Their security posture appears to focus on basic protections rather than implementing advanced security measures, leaving their systems potentially exposed to exploitation by threat actors targeting CMS platforms with known vulnerabilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-52777 | WordPress Pay with Contact Form 7 plugin <= 1.0.4 - Cross Site Scripting (XSS) Vulnerability — Pay with Contact Form 7CWE-79 | 7.1 | High | 2025-07-16 |
| CVE-2025-24772 | WordPress Pay with Contact Form 7 plugin <= 1.0.4 - Cross Site Request Forgery (CSRF) Vulnerability — Pay with Contact Form 7CWE-352 | 5.4 | Medium | 2025-06-06 |
| CVE-2025-32126 | WordPress Pay with Contact Form 7 Plugin <= 1.0.4 - SQL Injection vulnerability — Pay with Contact Form 7CWE-89 | 7.6 | High | 2025-04-04 |
| CVE-2024-52376 | WordPress Boat Rental Plugin for WordPress plugin <= 1.0.1 - Arbitrary File Upload vulnerability — Boat Rental Plugin for WordPressCWE-434 | 10.0 | Critical | 2024-11-14 |
This page lists every published CVE security advisory associated with cmsMinds. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.