Browse all 3 CVE security advisories affecting infornweb. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Infornweb develops web-based business solutions with a core focus on enterprise content management systems. Historically, the organization has been associated with multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation weaknesses in its products. Security assessments indicate that input validation and access control mechanisms have been recurring issues. While no major public security incidents have been documented, the three CVEs assigned to Infornweb highlight persistent security challenges in their web applications, particularly around unauthenticated access and insufficient sanitization of user-supplied data.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-31082 | WordPress News & Blog Designer Pack plugin <= 4.0 - Local File Inclusion vulnerability — News & Blog Designer PackCWE-98 | 8.1 | High | 2025-04-01 |
| CVE-2024-23502 | WordPress Posts List Designer by Category – List Category Posts Or Recent Posts Plugin <= 3.3.2 is vulnerable to Cross Site Scripting (XSS) — Posts List Designer by Category – List Category Posts Or Recent PostsCWE-79 | 6.5 | Medium | 2024-01-31 |
| CVE-2023-5815 | News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Remote Code Execution via Local File Inclusion — Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, NewsCWE-98 | 8.1 | High | 2023-11-22 |
This page lists every published CVE security advisory associated with infornweb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.