Browse all 7 CVE security advisories affecting withstudiocms. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Withstudiocms is a content management system designed for creating and managing websites, particularly favored by small to medium businesses. Historically, it has been susceptible to multiple vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation, as evidenced by its seven recorded CVEs. The platform's security posture has been compromised by insufficient input validation and inadequate access controls in past versions. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests a need for rigorous security updates and careful configuration to mitigate risks associated with its deployment.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-32638 | StudioCMS REST getUsers Exposes Owner Account Records to Admin Tokens | studiocms | CWE-639 | 2.7 | Low | 2026-03-18 |
| CVE-2026-32104 | StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings | studiocms | CWE-639 | 5.4 | Medium | 2026-03-11 |
| CVE-2026-32106 | StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts | studiocms | CWE-269 | 4.7 | Medium | 2026-03-11 |
| CVE-2026-32103 | StudioCMS: IDOR — Admin-to-Owner Account Takeover via Password Reset Link Generation | studiocms | CWE-639 | 6.8 | Medium | 2026-03-11 |
| CVE-2026-30945 | StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service | studiocms | CWE-639 | 7.1 | High | 2026-03-10 |
| CVE-2026-30944 | StudioCMS Affected by Privilege Escalation via Insecure API Token Generation | studiocms | CWE-639 | 8.8 | High | 2026-03-10 |
| CVE-2026-24134 | StudioCMS has an Authorization Bypass Through User-Controlled Key | studiocms | CWE-639 | 6.5 | Medium | 2026-01-27 |