Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ghost ghost vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2016-10983
The ghost plugin prior to 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data.
Ghost Ghost
NA
CVE-2023-32235
Ghost prior to 5.42.1 allows remote malicious users to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.
Ghost Ghost
1 Github repository
NA
CVE-2024-23725
Ghost prior to 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.
Ghost Ghost
NA
CVE-2023-31133
Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fiel...
Ghost Ghost
NA
CVE-2023-40028
Ghost is an open source content management system. Versions before 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site admi...
Ghost Ghost
2 Github repositories
NA
CVE-2022-41654
An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
Ghost Ghost
383
VMScore
CVE-2021-29484
Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter ...
Ghost Ghost
490
VMScore
CVE-2020-8134
Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an malicious user to scan local or external network or otherwise interact with internal systems.
Ghost Ghost
578
VMScore
CVE-2021-39192
Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated users (including contributors) to view admin-level API keys via the integrations API endpoint, leading to a privilege escal...
Ghost Ghost
NA
CVE-2022-47194
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger...
Ghost Ghost 5.9.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »