Browse all 3 CVE security advisories affecting pressaholic. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Pressaholic is a content management system primarily used for building and managing websites, particularly news portals and blogs. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its three recorded CVEs. The platform's security posture has been compromised through insufficient input validation and improper access controls, allowing attackers to execute arbitrary code, steal session cookies, or gain elevated privileges. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities suggests a need for rigorous security hardening and regular updates for organizations relying on this CMS.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-39409 | WordPress WordPress Video Robot - The Ultimate Video Importer plugin <= 1.20.0 - Reflected Cross Site Scripting (XSS) vulnerability — WordPress Video Robot - The Ultimate Video ImporterCWE-79 | 7.1 | High | 2025-05-19 |
| CVE-2024-52431 | WordPress WP Video Robot plugin <= 1.20.0 - SQL Injection vulnerability — WordPress Video Robot - The Ultimate Video ImporterCWE-89 | 9.3 | Critical | 2024-11-18 |
| CVE-2024-9192 | WP Video Robot <= 1.20.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update — WordPress Video Robot - The Ultimate Video ImporterCWE-269 | 8.8 | High | 2024-11-16 |
This page lists every published CVE security advisory associated with pressaholic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.