Browse all 7 CVE security advisories affecting cmsmasters. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CMS Masters develops WordPress themes and plugins for website creation, with 7 CVEs recorded. Historically, vulnerabilities include stored cross-site scripting (XSS), remote code execution (RCE), and privilege escalation, often stemming from insufficient input validation and improper access controls. Security assessments reveal inconsistent sanitization of user-supplied data and inadequate permission checks in administrative functions. While no major public incidents are documented, the pattern of vulnerabilities suggests ongoing challenges in secure coding practices. Users should implement strict input validation, keep installations updated, and apply least privilege principles to mitigate risks associated with these components.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-9694 | CMSMasters Elementor Addon <= 1.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — CMSMasters Elementor AddonCWE-79 | 6.4 | Medium | 2024-12-03 |
This page lists every published CVE security advisory associated with cmsmasters. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.