Portfolio
This hub aggregates every CVE we track for Portfolio, a product in the web CMS plugins space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 12
- Critical: 0
- High: 5
- In CISA KEV: 0
Severity distribution
Medium: 6, High: 5, Low: 1
Monthly trend (chart, 2024-07 to 2026-06)
Latest CVEs
The 12 most recently published vulnerabilities affecting Portfolio.
- CVE-2025-58245: WordPress Portfolio Plugin <= 2.58 - Cross Site Scripting (XSS) Vulnerability (score 5.9)
- CVE-2014-125109: BestWebSoft Portfolio Plugin bws_menu.php bws_add_menu_render cross site scripting (score 3.5)
- CVE-2012-10017: BestWebSoft Portfolio Plugin cross-site request forgery (score 4.3)
- CVE-2023-23685: WordPress Portfolio – WordPress Portfolio Plugin Plugin <= 2.8.10 is vulnerable to Cross Site Scripting (XSS) (score 6.5)
- CVE-2022-24255: Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges. (score 8.8)
- CVE-2022-24254: An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. (score 8.8)
- CVE-2022-24253: Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. (score 8.8)
- CVE-2022-24252: An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. (score 8.8)
- CVE-2022-24251: Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. (score 8.8)
- CVE-2018-18087: The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio edit... (score 5.4)
- CVE-2017-2171: Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form... (score 6.1)
- CVE-2015-6523: Cross-site request forgery (CSRF) vulnerability in the Portfolio plugin before 1.05 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspe... (score 6.8)
Product normalization is registry-driven with AI assist and human review.