Browse all 5 CVE security advisories affecting Publitio. AI-powered Chinese analysis, PoCs, and references for each vulnerability.
Publitio operates as a cloud-based media management platform enabling storage, optimization, and delivery of digital assets. Historically, the service has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its five recorded CVEs. These vulnerabilities often stem from improper input validation and insufficient access controls. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in areas like file upload mechanisms and API endpoints suggests ongoing challenges in secure coding practices. The platform's core functionality as a content delivery system makes such security issues particularly concerning given the potential for widespread impact.
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-62947 | WordPress Publitio plugin <= 2.2.5 - Sensitive Data Exposure vulnerability — Publitio | CWE-201 | 5.0 | Medium | 2025-10-27 |
| CVE-2025-58962 | WordPress Publitio Plugin <= 2.2.1 - Server Side Request Forgery (SSRF) Vulnerability — Publitio | CWE-918 | 6.4 | Medium | 2025-09-22 |
| CVE-2025-31800 | WordPress Publitio plugin <= 2.2.0 - Arbitrary File Read vulnerability — Publitio | CWE-22 | 6.5 | Medium | 2025-04-03 |
| CVE-2025-31799 | WordPress Publitio plugin <= 2.1.8 - Broken Access Control vulnerability — Publitio | CWE-862 | 4.3 | Medium | 2025-04-01 |
| CVE-2025-31798 | WordPress Publitio Plugin <= 2.1.8 - Broken Access Control vulnerability — Publitio | CWE-862 | 4.3 | Medium | 2025-04-01 |
This page lists every published CVE security advisory associated with Publitio. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.