Browse all 4 CVE security advisories affecting codeworkweb. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Codeworkweb develops web applications and platforms, with core use cases spanning content management and e-commerce solutions. Historically, their products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and misconfigured access controls. While no major public security incidents have been documented, their CVE record indicates persistent security challenges, particularly in authentication mechanisms and third-party component integrations. The organization's security posture appears reactive rather than preventive, with vulnerabilities typically addressed after disclosure rather than through proactive security testing.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-67473 | WordPress CWW Companion plugin <= 1.3.2 - Cross Site Request Forgery (CSRF) vulnerability — CWW CompanionCWE-352 | 4.3 | Medium | 2025-12-09 |
| CVE-2025-39359 | WordPress CWW Portfolio theme <= 1.3.1 - Local File Inclusion vulnerability — CWW PortfolioCWE-98 | 7.5 | High | 2025-04-24 |
| CVE-2025-39383 | WordPress Xews Lite plugin <= 1.0.9 - Local File Inclusion vulnerability — Xews LiteCWE-98 | 7.5 | High | 2025-04-24 |
| CVE-2024-2130 | CWW Companion <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — CWW CompanionCWE-79 | 6.4 | Medium | 2024-03-12 |
This page lists every published CVE security advisory associated with codeworkweb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.