What is the official website of Craft CMS ?

The official website of Craft CMS is https://craftcms.com/.

What is Craft CMS's cybersecurity risk score?

Craft CMS has an AI-generated cybersecurity risk score of 732 out of 1000, indicating a Moderate security posture according to Rankiteo's assessment.

How many security incidents has Craft CMS experienced?

According to Rankiteo, Craft CMS currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Craft CMS been affected by any supply chain cyber incidents ?

According to Rankiteo, Craft CMS has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Craft CMS have SOC 2 Type 1 certification ?

According to Rankiteo, Craft CMS is not certified under SOC 2 Type 1.

Does Craft CMS have SOC 2 Type 2 certification ?

According to Rankiteo, Craft CMS does not hold a SOC 2 Type 2 certification.

Does Craft CMS comply with GDPR ?

According to Rankiteo, Craft CMS is not listed as GDPR compliant.

Does Craft CMS have PCI DSS certification ?

According to Rankiteo, Craft CMS does not currently maintain PCI DSS compliance.

Does Craft CMS comply with HIPAA ?

According to Rankiteo, Craft CMS is not compliant with HIPAA regulations.

Does Craft CMS have ISO 27001 certification ?

According to Rankiteo,Craft CMS is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Craft CMS operate in ?

Craft CMS operates primarily in the Technology, Information and Internet industry.

How many employees does Craft CMS have ?

Craft CMS employs approximately 6 people worldwide.

Does Craft CMS own any subsidiaries ?

Craft CMS presently has no subsidiaries across any sectors.

How many LinkedIn followers does Craft CMS have ?

Craft CMS's official LinkedIn profile has approximately 2,090 followers.

What is the NAICS classification code for Craft CMS ?

Craft CMS is classified under the NAICS code 513, which corresponds to Others.

Does Craft CMS have a Crunchbase profile ?

No, Craft CMS does not have a profile on Crunchbase.

Does Craft CMS have a LinkedIn profile ?

Yes, Craft CMS maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/craftcms.

How many cybersecurity incidents has Craft CMS experienced ?

As of June 22, 2026, Rankiteo reports that Craft CMS has experienced 2 cybersecurity incidents.

How many peer or competitor companies does Craft CMS have ?

Craft CMS has an estimated 14,819 peer or competitor companies worldwide.

What types of cybersecurity incidents has Craft CMS faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Cyber Attack.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

Craft CMS

Boost Score +25 with badge (5 left)

732

/1000

Moderate

757

/1000

Fair

Craft CMS Vendor Cyber Rating & Cyber Score

craftcms.com

Add Your Compliance Badge

Craft is a content-first CMS that aims to make life enjoyable for developers and content managers alike.

Craft CMS A.I CyberSecurity Scoring

Scoring History

Craft CMS

Craft CMS CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Craft CMS

Vulnerability

100

3/2026

CRA1774268712

Craft CMS

Cyber Attack

5/2025

CRA455054511302...

Loading…

A.I.

Craft CMS Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for Craft CMS

Incidents vs Technology, Information and Internet Industry Avg (This Year)

Craft CMS has 37.89% fewer incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Craft CMS has 6.54% fewer incidents than the average of all companies with at least one recorded incident.

Incident Types Craft CMS vs Technology, Information and Internet Industry Avg (This Year)

Craft CMS reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 1 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History - Craft CMS (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Craft CMS Subsidiaries

Parent Company

Craft CMS

Technology, Information and Internet

Website: https://craftcms.com/

Company Size: 11-50 employees

No subsidiary data available for this company.

Loading…

Craft CMS Similar Companies

Zomato

cb zomato.com

Zomato’s mission statement is “better food for more people.” Since our inception in 2010, we have grown tremendously, both in scope and scale - and emerged as India’s most trusted brand during the pandemic, along with being one of the largest hyperlocal delivery networks in the country. Today, Zomato represents a wide range of cultures through its diversified 5000+ team members, 3.5 lakh+ delivery partners, and our biggest collective of the finest restaurant partners. We are grateful that our business is able to provide upward social and economic movement for millions of households – of our delivery partners, as well as restaurant staff. We think of all of us as one big family! Our passion is driven by purpose and we take immense pride in our initiative ‘Feeding India’, one of India’s largest not-for-profits working to ensure that nobody in India goes to bed hungry. As of now, Feeding India provides over 150,000 nutritious meals to the underprivileged every day. In April 2020, Feeding India ran one of the largest food distribution drives in the world during the first wave of COVID, and distributed 78 million meals to daily wagers across the length and breadth of the country. During the second wave of COVID-19, Feeding India was again the first to act. We were able to source over 9,000 oxygen concentrators and distributed them for free to government hospitals across the country. This helped save millions of lives during one of the worst humanitarian crises faced by India in the recent times. We’re innovating hard to make last-mile delivery carbon neutral, to eliminate the use of plastic packaging, create meaningful opportunities in the gig economy, and to feed our country’s ever-growing appetite for high-quality, affordable, and hygienic food, one delivery at a time!

NetEase

cb netease.com

As a leading internet technology company based in China, NetEase, Inc. (NASDAQ: NTES and HKEX:9999, "NetEase") provides premium online services centered around content creation. With extensive offerings across its expanding gaming ecosystem, NetEase develops and operates some of China's most popular and longest running mobile and PC games. Powered by industry-leading inhouse R&D capabilities in China and globally, NetEase creates superior gaming experiences, inspires players and passionately delivers value for its thriving community worldwide. Beyond games, NetEase service offerings include its majority-controlled subsidiaries Youdao (NYSE:DAO), China's leading technology-focused intelligent learning company, and Cloud Music (HKEX:9899), China's leading online music content community, as well as Yanxuan, NetEase's private label consumer lifestyle brand.

Primary School

primaryschool.com.au

www.primaryschool.com.au is a directory of sites for students and lesson plans and reference material for teachers and parents. It is currently averaging up to 350,000 unique visitors a month and has over 44,000 subscribers to its free weekly newsletter which showcases the latest internet based resources. The site ranks first in results for primary school related searches in Google. It is popular because it is simple, safe and relevant.

IndiaMART InterMESH Limited

cb indiamart.com

IndiaMART is India's largest online B2B marketplace, connecting buyers with suppliers across a wide array of industries. IndiaMART provides a platform for Small & Medium Enterprises (SMEs), large enterprises, and individual buyers, helping them access diverse portfolios of quality products. Since 1999, IndiaMART’s mission has been to make doing business easy. Today, over 21.9 Crore buyers can explore and choose from 12.4 Crore products, sourced from 86 Lakh suppliers, creating a one-stop platform for all business needs. IndiaMART offers enhanced business visibility and credibility for suppliers, with tools designed to support business growth and operational efficiency. With a dedicated workforce of over 5000 employees across India, IndiaMART continues to facilitate seamless connections and provide a trusted marketplace for businesses to thrive.

Meesho

meesho.io

Meesho is India’s e-commerce marketplace, on a mission to democratise internet commerce. Our multi-sided technology platform connects four key stakeholders — consumers, sellers, logistics partners, and content creators — to power inclusive growth at scale. We enable individuals and small businesses to sell online with ease, offering access to a wide customer base, integrated logistics, payment solutions, and platform support. For customers, Meesho offers a broad and affordable selection, tailored for diverse needs across Bharat. We also empower creators to build commerce-driven content that drives discovery and engagement. Our logistics operations are powered by Valmo, Meesho’s asset-light logistics platform that works entirely through partner-led infrastructure to ensure cost-efficient and scalable deliveries.

SLB

slb.com

We are a technology company that unlocks access to energy for the benefit of all. As innovators, that’s been our mission for nearly a century. Today, we face a global imperative to create a future with more energy, but less carbon. Our diverse, innovative change makers are focused on going further in innovation and inventing the new energy technologies we need to get there.

Avnet

avnet.com

Avnet is a global electronic components distributor with extensive design, product, marketing and supply chain expertise for customers and suppliers at every stage of the product lifecycle. For the past 100 years, Avnet has helped its customers and suppliers around the world realize the transformative possibilities of technology. Our culture was founded on new ideas and emerging technology. Headquartered in Phoenix, Arizona, Avnet is a leading global technology distributor and solutions provider at the center of the technology value chain. Founded in 1921, we work with suppliers in every major technology segment to serve customers worldwide across a broad range of markets. Whether working on large-scale production or early prototypes, we meet customer needs through individualized, end-to-end service to streamline solutions and improve efficiency for customers worldwide. We serve more than 1 million customers in more than 140 countries and partner with global suppliers from almost every technology segment. Learn more about Avnet at www.avnet.com.

Fanatics

fanaticsinc.com

Fanatics is a leading global digital sports platform. We ignite the passions of global sports fans and maximize the presence and reach for our hundreds of sports partners globally by offering products and services across Fanatics Commerce, Fanatics Collectibles, and Fanatics Betting & Gaming, allowing sports fans to Buy, Collect, and Bet. Through the Fanatics platform, sports fans can buy licensed fan gear, jerseys, lifestyle and streetwear products, headwear, and hardgoods; collect physical and digital trading cards, sports memorabilia, and other digital assets; and bet as the company builds its Sportsbook and iGaming platform. Fanatics has an established database of over 100 million global sports fans; a global partner network with approximately 900 sports properties, including major national and international professional sports leagues, players associations, teams, colleges, college conferences and retail partners, 2,500 athletes and celebrities, and 200 exclusive athletes; and over 2,000 retail locations, including its Lids retail stores. Our more than 22,000 employees are committed to relentlessly enhancing the fan experience and delighting sports fans globally.

Lenskart.com

lenskart.com

At Lenskart, we believe that clear vision is fundamental to the personal development and well-being of an individual, and our aim is to build tech-enabled solutions that improve access to affordable and quality ‘Eyewear for All’. We commenced our operations in India as an online business in 2010 and opened our first retail store in New Delhi in 2013. Since then, we have scaled through both the online and offline channels and have established a presence through our retail stores, websites, mobile applications, and other channels.

Loading…

NEWS

Craft CMS CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

March 23, 2026 05:34 PM

Critical NetScaler ADC and Gateway Vulnerabilities Enable Remote Attacks on Affected Systems

Cloud Software Group has released urgent security patches for NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix...

Read Article

March 23, 2026 03:34 PM

MacOS Stealer MioLab Adds ClickFix Delivery, Wallet Theft and Team API Tools

MioLab macOS infostealer targets Apple users with MaaS model, using a small payload to evade antivirus and steal sensitive data.

Read Article

March 23, 2026 12:18 PM

CISA Warns of Craft CMS Code Injection Flaw Exploited in the Wild

Federal agencies and all Craft CMS users are being urged to patch or mitigate immediately due to confirmed in-the-wild attacks.

Read Article

March 23, 2026 12:15 PM

US cyber security agency gives deadline to federal agencies to fix Darksword spyware threat on Apple devices

America's cyber security agency CISA has added five new security flaws to its Known Exploited Vulnerabilities list. These flaws are actively...

Read Article

March 23, 2026 11:53 AM

CISA Warns of Craft CMS Code Injection Flaw Exploited in Active Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting Craft CMS to its Known...

Read Article

March 23, 2026 11:45 AM

Windows 11 Emergency Update to Fix 'No Internet' Sign-In Errors for OneDrive, Teams, and More

Microsoft has released an out-of-band (OOB) update, KB5085516, for Windows 11 versions 25H2 and 24H2 to address a critical sign-in issue...

Read Article

March 23, 2026 11:16 AM

CISA Warns of Craft CMS Code Injection Vulnerability Exploited in Attacks

Craft CMS flaw is now in the KEV catalog with active exploitation confirmed, and requires immediate patching to prevent compromise.

Read Article

March 23, 2026 10:23 AM

US cyber security agency gives deadline to Federal agencies to fix Darksword spyware threat on Apple devi

Tech News News: US cyber security agency Cybersecurity and Infrastructure Security Agency (CISA) has added five new security flaws to its...

Read Article

March 23, 2026 10:21 AM

GBHackers Security | #1 Globally Trusted Cyber Security News Platform | GBhackers Offering Exclusive Cyber Security News Coverage, New Research papers & Technology Updates.

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting Craft CMS to its Known...

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-12814

SUMMARY

A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=ping_config of the component API Endpoint. This manipulation of the argument destination causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published

Date2026-06-21

Updated

Date2026-06-21

RISK INFORMATION (Score: 6.3)

cvss2

Base Score: 6.5

Complexity: LOW

AV:N/AC:L/Au:S/C:P/I:P/A:P

cvss3

Base Score: 6.3

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 2.1

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

2.8

REFERENCES

CVE-2026-12813

SUMMARY

A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation results in server-side request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published

Date2026-06-21

Updated

Date2026-06-21

RISK INFORMATION (Score: 6.3)

cvss2

Base Score: 6.5

Complexity: LOW

AV:N/AC:L/Au:S/C:P/I:P/A:P

cvss3

Base Score: 6.3

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 2.1

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

2.8

REFERENCES

CVE-2026-12812

SUMMARY

A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The manipulation leads to HTML injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published

Date2026-06-21

Updated

Date2026-06-21

RISK INFORMATION (Score: 3.5)

cvss2

Base Score: 4.0

Complexity: LOW

AV:N/AC:L/Au:S/C:N/I:P/A:N

cvss3

Base Score: 3.5

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

cvss4

Base Score: 2.0

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

1.4

Exploitability

2.1

REFERENCES

CVE-2026-12811

SUMMARY

A weakness has been identified in kortix-ai suna up to 0.8.38. Affected by this issue is the function router.replace/router.push of the file apps/frontend/src/app/auth/page.tsx of the component Auth Endpoint. Executing a manipulation of the argument returnURL can lead to cross site scripting. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.8.39 can resolve this issue. This patch is called f5dec7aa0c1b8fa0125938f292c0f2430ca75f6c. It is advisable to upgrade the affected component. The researcher explains: "The issue was fixed in v0.8.39 without notifying the wider user base via a security disclosure."

Published

Date2026-06-21

Updated

Date2026-06-21

RISK INFORMATION (Score: 4.3)

cvss2

Base Score: 5.0

Complexity: LOW

AV:N/AC:L/Au:N/C:N/I:P/A:N

cvss3

Base Score: 4.3

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

cvss4

Base Score: 2.1

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

1.4

Exploitability

2.8

REFERENCES

CVE-2026-12810

SUMMARY

A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Published

Date2026-06-21

Updated

Date2026-06-21

RISK INFORMATION (Score: 6.3)

cvss2

Base Score: 6.5

Complexity: LOW

AV:N/AC:L/Au:S/C:P/I:P/A:P

cvss3

Base Score: 6.3

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 2.1

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

2.8

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…