Browse all 3 CVE security advisories affecting krishaweb. AI-powered Chinese analysis, POCs, and references for each vulnerability.
KrishaWeb is a web development company specializing in custom website and application solutions for small to medium businesses. Historically, their products have been vulnerable to common web application flaws including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities. The company has three CVEs on record, primarily related to input validation issues and insecure direct object references. While no major security incidents have been publicly documented, the consistent pattern of vulnerabilities suggests a need for improved secure coding practices. Their client base may be at risk from exploitation of these weaknesses, particularly if proper patch management is not implemented.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-11999 | Add Multiple Marker <= 1.2 - Missing Authorization to Unauthenticated Settings Update — Multi Location MarkerCWE-862 | 5.3 | Medium | 2025-11-11 |
| CVE-2024-10898 | Contact Form 7 Email Add on <= 1.9 - Authenticated (Contributor+) Local File Inclusion — Email addon for CF7CWE-98 | 8.8 | High | 2024-11-21 |
| CVE-2022-45080 | WordPress Add Multiple Marker Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) — Add Multiple MarkerCWE-352 | 5.4 | Medium | 2023-04-23 |
This page lists every published CVE security advisory associated with krishaweb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.