Browse all 5 CVE security advisories affecting falselight. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Falselight is a JavaScript library used for creating lightweight UI components, commonly employed in web applications for dynamic rendering. Historically, it has been vulnerable to multiple cross-site scripting (XSS) flaws, remote code execution (RCE) through unsafe deserialization, and privilege escalation via improper access controls. The library's security issues stem from its flexible configuration options and lack of input sanitization. Five CVEs have been recorded, including critical RCE vulnerabilities in versions prior to 2.1.0. No major public security incidents have been documented, though the consistent pattern of vulnerabilities suggests developers should implement strict input validation and consider alternative libraries for security-sensitive applications.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-58624 | WordPress Exchange Rates Plugin <= 1.2.5 - Cross Site Scripting (XSS) Vulnerability — Exchange RatesCWE-79 | 6.5 | Medium | 2025-09-03 |
| CVE-2025-30864 | WordPress Exchange Rates plugin <= 1.2.2 - Broken Access Control vulnerability — Exchange RatesCWE-862 | 4.3 | Medium | 2025-03-27 |
This page lists every published CVE security advisory associated with falselight. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.