Browse all 4 CVE security advisories affecting looks_awesome. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Looks_awesome is a web application framework primarily used for building dynamic user interfaces and single-page applications. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure default configurations. The framework's extensive plugin ecosystem has introduced additional security risks, with multiple CVEs documented in recent years. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests developers should implement strict input sanitization and security hardening measures when using looks_awesome in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-13866 | Flow-Flow Social Feed Stream 3.0.0 - 4.7.5 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via flow_flow_social_auth AJAX action — Flow-Flow Social Feed StreamCWE-862 | 6.4 | Medium | 2025-12-12 |
| CVE-2025-32308 | WordPress Team Builder plugin <= 1.5.7 - Broken Access Control Vulnerability — Team BuilderCWE-862 | 7.6 | High | 2025-06-09 |
| CVE-2024-3238 | WordPress Menu Plugin — Superfly Responsive Menu <= 5.0.29 - Cross-Site Request Forgery to Arbitrary File Deletion — WordPress Menu Plugin — Superfly Responsive MenuCWE-352 | 8.8 | High | 2024-08-02 |
| CVE-2024-32553 | WordPress Superfly Menu plugin <= 5.0.25 - Subscriber+ Site-Wide Stored Cross Site Scripting (XSS) vulnerability — Superfly MenuCWE-79 | 7.1 | High | 2024-04-18 |
This page lists every published CVE security advisory associated with looks_awesome. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.