Browse all 5 CVE security advisories affecting letscms. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Letscms is a content management system designed for creating and managing websites, particularly popular among small to medium businesses. Historically, the platform has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. With five CVEs documented, these weaknesses often stem from insufficient input validation and improper access controls. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests potential risks for unpatched installations. Organizations using letscms should prioritize regular updates and implement security best practices to mitigate these known weaknesses.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-11895 | Binary MLM Plan <= 5.0 - Authenticated (Subscriber+) Insecure Direct Object Reference | Binary MLM Plan | CWE-639 | 4.3 | Medium | 2025-10-17 |
| CVE-2025-10038 | Binary MLM Plan <= 3.0 - Unauthenticated Limited Privilege Escalation | Binary MLM Plan | CWE-266 | 6.5 | Medium | 2025-10-15 |
| CVE-2024-12384 | Binary MLM Woocommerce <= 2.0 - Reflected Cross-Site Scripting via 'page' | Binary MLM For WooCommerce | CWE-79 | 6.1 | Medium | 2025-01-07 |
| CVE-2024-12383 | Binary MLM Woocommerce <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting | Binary MLM For WooCommerce | CWE-352 | 6.1 | Medium | 2025-01-07 |
| CVE-2024-12324 | Unilevel MLM Plan <= 1.1.0 - Reflected Cross-Site Scripting via 'page' | Unilevel MLM Plan | CWE-79 | 6.1 | Medium | 2025-01-07 |

This page lists every published CVE security advisory associated with letscms. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.