Getgrav Grav-Plugin-Admin vulnerabilities
11 known vulnerabilities affecting getgrav/grav-plugin-admin.
Total CVEs
11
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM9
Vulnerabilities
Page 1 of 1
CVE-2021-21425P1CRITICALCVSS 9.8PoCfixed in 1.10.8≤ 1.10.72021-04-07
CVE-2021-21425 [CRITICAL] CWE-284 CVE-2021-21425: Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and mod
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of exi
nvd
CVE-2021-29439P3HIGHCVSS 7.2fixed in 1.10.112021-04-13
CVE-2021-29439 [HIGH] CWE-863 CVE-2021-29439: The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a c
The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitive and elevate their privileges on the instance. The vu
nvd
CVE-2025-66307P4MEDIUMCVSS 5.3≤ 1.10.502025-12-01
CVE-2025-66307 [MEDIUM] CWE-204 CVE-2025-66307: This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Gra
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a user enumeration and email disclosure vulnerability exists in Grav. The "Forgot Password" functionality at /admin/forgot leaks information about valid usernames and their associated email
nvd
CVE-2026-44737P4MEDIUMCVSS 6.2fixed in 1.10.49.52026-05-11
CVE-2026-44737 [MEDIUM] CWE-79 CVE-2026-44737: grav-plugin-admin is the admin plugin for Grav is an HTML user interface that provides a convenient
grav-plugin-admin is the admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.10.49.5, the application fails to properly validate and sanitize user input in the data[header][title] parameter. As a result, attackers can craft a malicious URL with an XSS payload.
nvd
CVE-2025-66312P4MEDIUMCVSS 5.4≤ 1.10.502025-12-01
CVE-2025-66312 [MEDIUM] CWE-79 CVE-2025-66312: This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Gra
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/accounts/groups/Grupo endpoint of the Grav application. This vulnerability allows attackers to inject malicious
nvd
CVE-2025-66308P4MEDIUMCVSS 5.4≤ 1.10.502025-12-01
CVE-2025-66308 [MEDIUM] CWE-79 CVE-2025-66308: This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Gra
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/config/site endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts i
nvd
CVE-2025-66311P4MEDIUMCVSS 5.4≤ 1.10.502025-12-01
CVE-2025-66311 [MEDIUM] CWE-79 CVE-2025-66311: This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Gra
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page] endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts
nvd
CVE-2025-66310P4MEDIUMCVSS 5.4≤ 1.10.502025-12-01
CVE-2025-66310 [MEDIUM] CWE-79 CVE-2025-66310: This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Gra
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page] endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts
nvd
CVE-2025-66309P4MEDIUMCVSS 6.1≤ 1.10.502025-12-01
CVE-2025-66309 [MEDIUM] CWE-79 CVE-2025-66309: This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Gra
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page] endpoint of the Grav application. This vulnerability allows attackers to inject malicious scrip
nvd
CVE-2021-3799P4MEDIUMCVSS 5.4fixed in 1.10.202021-09-27
CVE-2021-3799 [MEDIUM] CWE-1021 CVE-2021-3799: grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames
grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames
nvd
CVE-2021-3920P4MEDIUMCVSS 5.4fixed in 1.10.252021-11-19
CVE-2021-3920 [MEDIUM] CWE-79 CVE-2021-3920: grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cro
grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
nvd