winter/wn-backend-module Security Advisories (3)
-
[CRITICAL] Winter vulnerable to privilege escalation by authenticated backend users
PKSA-4n8n-yrbw-13gr CVE-2026-27591 GHSA-pgpf-m8m4-6cg6
Affected version: <1.0.477|>=1.1.0,<1.1.12|>=1.2.0,<1.2.12
Reported by:
GitHub -
[LOW] Winter CMS Local File Inclusion through Server Side Template Injection
PKSA-jmfx-ybbt-h9sn CVE-2023-52085 GHSA-2x7r-93ww-cxrq
Affected version: <1.2.4
Reported by:
GitHub -
[LOW] Winter CMS Stored XSS through Backend ColorPicker FormWidget
PKSA-bqyd-f44h-g5jx CVE-2023-52084 GHSA-43w4-4j3c-jx29
Affected version: <1.2.4
Reported by:
GitHub