Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
blog project blog vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2023-2435
The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.1 via a shortcode attribute. This allows editor-level, and above, malicious users to include and execute arbitrary files on the server, allowing the execution of any ...
Blog-in-blog Project Blog-in-blog
4.8
CVSSv3
CVE-2023-2436
The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blog_in_blog' shortcode in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Blog-in-blog Project Blog-in-blog
9.8
CVSSv3
CVE-2017-14345
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php.
Blog Project Blog
9.8
CVSSv3
CVE-2017-14346
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file.
Blog Project Blog
8.8
CVSSv3
CVE-2022-23626
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload...
Blog Project Blog
6.1
CVSSv3
CVE-2023-27093
Cross Site Scripting vulnerability found in My-Blog allows malicious users to cause a denial of service via the Post function.
My-blog Project My-blog -
7.5
CVSSv3
CVE-2019-3494
Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete parameter.
Simply-blog Project Simply-blog
6.1
CVSSv3
CVE-2022-4400
A vulnerability was found in zbl1996 FS-Blog and classified as problematic. This issue affects some unknown processing of the component Title Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerabi...
Fs-blog Project Fs-blog -
4.3
CVSSv3
CVE-2023-1937
A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to...
My-blog Project My-blog -
4.3
CVSSv3
CVE-2022-27174
Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and previous versions allows a remote unauthenticated malicious user to hijack the authentication of the administrator and delete a blog article or a category via a specially crafted page.
Easy Blog Project Easy Blog
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »