Echo
This hub aggregates every CVE we track for Echo, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
4
CVEs tracked
1
Critical
1
High
0
In CISA KEV
Severity distribution
MEDIUM2HIGH1CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 4 most recently published vulnerabilities affecting Echo.
- CVE-2025-53432WordPress Echo theme <= 1.15.0 - Local File Inclusion vulnerability8.1
- CVE-2020-36565Directory traversal on Windows in github.com/labstack/echo/v45.3
- CVE-2022-40083Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forge...9.6
- CVE-2015-8007The Echo extension for MediWiki does not properly implement the hideuser functionality, which allows remote authenticated users to see hidden usernames in "non-revision based" notifications, as dem...4.0
Product normalization is registry-driven with AI assist and human review. How it works