cvebase

Flatpressblog Flatpress vulnerabilities

13 known vulnerabilities affecting flatpressblog/flatpressblog_flatpress.

Total CVEs: 13
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 3, MEDIUM 8

Vulnerabilities

CVE-2023-0947 | P2 | CRITICAL | CVSS 9.8 | PoC | ≥ unspecified, < 1.3 | 2023-02-22
CVE-2023-0947 [CRITICAL] CWE-22: Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.
nvd
CVE-2022-4606 | P2 | CRITICAL | CVSS 9.8 | ≥ unspecified, < 1.3 | 2022-12-18
CVE-2022-4606 [CRITICAL] CWE-98: PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3.
nvd
CVE-2023-1105 | P3 | HIGH | CVSS 8.1 | ≥ unspecified, < 1.3 | 2023-03-01
CVE-2023-1105 [HIGH] CWE-73: External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3.
nvd
CVE-2024-9847 | P3 | HIGH | CVSS 8.0 | ≥ unspecified, < 1.4.dev | 2025-03-20
CVE-2024-9847 [HIGH] CWE-352: FlatPress CMS version latest is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow an attacker to enable or disable plugins on behalf of a victim user. The attacker can craft a malicious link or script that, when clicked by an authenticated user, will send a request to the FlatPress CMS server to perform the desired action on behalf of t
nvd
CVE-2024-4023 | P3 | HIGH | CVSS 8.1 | ≥ unspecified, < 1.3 | 2025-03-20
CVE-2024-4023 [HIGH] CWE-79: A stored cross-site scripting (XSS) vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a `.xsig` extension and directly accesses this file, the server responds with a Content-type of application/octet-stream, leading to the file being processed as an HTML file. This allows an attacker to execute arbitrary JavaScr
nvd
CVE-2024-9699 | P4 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 1.4.dev | 2025-03-20
CVE-2024-9699 [MEDIUM] CWE-79: A vulnerability in the file upload functionality of the FlatPress CMS admin panel (version latest) allows an attacker to upload a file with a JavaScript payload disguised as a filename. This can lead to a Cross-Site Scripting (XSS) attack if the uploaded file is accessed by other users. The issue is fixed in version 1.4.dev.
nvd
CVE-2023-1106 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 1.3 | 2023-03-02
CVE-2023-1106 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3.
nvd
CVE-2023-1104 | P4 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 1.3 | 2023-03-01
CVE-2023-1104 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
nvd
CVE-2022-4605 | P4 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 1.3 | 2022-12-18
CVE-2022-4605 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
nvd
CVE-2023-1107 | P4 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 1.3 | 2023-03-02
CVE-2023-1107 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
nvd
CVE-2023-1146 | P4 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 1.3 | 2023-03-02
CVE-2023-1146 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3.
nvd
CVE-2023-1147 | P4 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 1.3 | 2023-03-02
CVE-2023-1147 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
nvd
CVE-2023-1148 | P4 | MEDIUM | CVSS 4.8 | ≥ unspecified, < 1.3 | 2023-03-02
CVE-2023-1148 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
nvd