Vulmon
craft cms vulnerabilities and exploits
4
CVSSv2
CVE-2022-23409
The Logs plugin prior to 3.0.4 for Craft CMS allows remote malicious users to read arbitrary files via input to actionStream in Controller.php.
Ethercreative Logs
5.8
CVSSv2
CVE-2020-13486
The Knock Knock plugin prior to 1.2.8 for Craft CMS allows malicious redirection.
Verbb Knock Knock
4.3
CVSSv2
CVE-2020-13868
An issue exists in the Comments plugin prior to 1.5.5 for Craft CMS. CSRF affects comment integrity.
Verbb Comments
3.5
CVSSv2
CVE-2020-9311
In SilverStripe up to and including 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
Silverstripe Silverstripe
6.4
CVSSv2
CVE-2020-13485
The Knock Knock plugin prior to 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.
Verbb Knock Knock
3.5
CVSSv2
CVE-2020-13869
An issue exists in the Comments plugin prior to 1.5.6 for Craft CMS. There is stored XSS via a guest name.
Verbb Comments
3.5
CVSSv2
CVE-2020-13870
An issue exists in the Comments plugin prior to 1.5.5 for Craft CMS. There is stored XSS via an asset volume name.
Verbb Comments
3.5
CVSSv2
CVE-2020-13459
An issue exists in the Image Resizer plugin prior to 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.
Verbb Image Resizer
6.8
CVSSv2
CVE-2020-13458
An issue exists in the Image Resizer plugin prior to 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.
Verbb Image Resizer
7.5
CVSSv2
CVE-2021-41749
In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated malicious users to perform a Server-Side Template Injection, allowing for remote code execution.
Nystudio107 Seomatic