matthewdeaves/willow

Releases51

Frequency1 week 1 day

Last Release 6 months ago

A modern, AI-enhanced CMS built with CakePHP 5. Features AI-powered SEO optimization, automated translation (25+ languages via Claude & Google Translate), image galleries with AI analysis, hierarchical tagging, and comment moderation. Includes complete Docker dev environment with 290+ tests.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-12330 ↗	Oct 27, 2025Monday, 27 October 2025, 22:15	2.4 LOW	3.3 LOW
A security flaw has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page. The manipulation of the argument title/body results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
CVE-2025-12331 ↗	Oct 27, 2025Monday, 27 October 2025, 22:15	4.7 MEDIUM	5.8 MEDIUM
A weakness has been identified in Willow CMS up to 1.4.0. Impacted is an unknown function of the file /admin/images/add. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.