Aggregates CVE and security vulnerability intelligence across all POEditor-related products, including CVSS scores, EPSS percentages, and publication dates.
Disclosed issues often relate to cross-site scripting (XSS) and cross-site request forgery (CSRF); exposure may include session compromise in production workloads and software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-32453 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POEditor allows Stored XSS. This issue affects POEditor: from n/a through 0.9.8. | [email protected] | 5.9 | 0.14% | 2024-04-15 | 2026-04-28 |
| CVE-2023-32091 | Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions. | [email protected] | 5.4 | 0.09% | 2023-10-03 | 2024-11-21 |
| CVE-2023-4209 | The POEditor WordPress plugin before 0.9.8 does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's settings and update its API key via CSRF attacks. | [email protected] | 4.3 | 0.09% | 2023-08-30 | 2025-04-23 |