Browse all 4 CVE security advisories affecting ctltwp. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Ctltwp is a WordPress plugin designed for content management and layout customization, primarily used by website administrators to enhance site functionality. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The plugin's four CVE records indicate consistent security concerns, with flaws often stemming from insufficient input validation and improper access controls. While no major public incidents have been widely documented, the pattern of vulnerabilities suggests potential risks for unpatched implementations, particularly in environments where user permissions are not strictly configured.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-46537 | WordPress Section Widget plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability — Section Widget (CWE-79) | 7.1 | High | 2025-05-23 |
| CVE-2025-46441 | WordPress Section Widget plugin <= 3.3.1 - Path Traversal vulnerability — Section Widget (CWE-35) | 5.3 | Medium | 2025-05-19 |
| CVE-2025-47551 | WordPress Wiki Embed plugin <= 1.4.6 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability — Wiki Embed (CWE-352) | 4.3 | Medium | 2025-05-07 |
| CVE-2025-24691 | WordPress People Lists plugin <= 1.3.10 - Broken Access Control vulnerability — People Lists (CWE-862) | 4.3 | Medium | 2025-01-24 |
This page lists every published CVE security advisory associated with ctltwp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.