Pligg CMS vulnerabilities
43 known vulnerabilities affecting pligg/pligg_cms.
Total CVEs: 43
CISA KEV: 0
Public exploits: 13
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 28, MEDIUM 12
Vulnerabilities
Page 2 of 3
CVE-2024-42611 | P4 | HIGH | CVSS 8.8 | CWE-352 | v2.0.2 | 2024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/admin_page.php?link_id=1&mode=delete
nvd
CVE-2024-42618 | P4 | HIGH | CVSS 8.8 | CWE-352 | v2.0.2 | 2024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma
nvd
CVE-2024-42607 | P4 | HIGH | CVSS 8.8 | CWE-352 | v2.0.2 | 2024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database
nvd
CVE-2024-42610 | P4 | HIGH | CVSS 8.8 | CWE-352 | v2.0.2 | 2024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=files
nvd
CVE-2024-42621 | P4 | HIGH | CVSS 8.8 | CWE-352 | v2.0.2 | 2024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php
nvd
CVE-2024-42616 | P4 | HIGH | CVSS 8.8 | CWE-352 | v2.0.2 | 2024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=remove&widget=Statistics
nvd
CVE-2024-42617 | P4 | HIGH | CVSS 8.8 | CWE-352 | v2.0.2 | 2024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=32
nvd
CVE-2024-42608 | P4 | HIGH | CVSS 8.8 | CWE-352 | v2.0.2 | 2024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/submit_page.php.
nvd
CVE-2024-42613 | P4 | HIGH | CVSS 8.8 | CWE-352 | v2.0.2 | 2024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=install&widget=akismet
nvd
CVE-2024-42612 | P4 | HIGH | CVSS 8.8 | CWE-352 | v2.0.2 | 2024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?whitelist_add
nvd
CVE-2024-42619 | P4 | HIGH | CVSS 8.8 | CWE-352 | v2.0.2 | 2024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?id=0&list=whitelist&remove=pligg.com
nvd
CVE-2024-42609 | P4 | HIGH | CVSS 8.8 | CWE-352 | v2.0.2 | 2024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=avatars
nvd
CVE-2024-42605 | P4 | HIGH | CVSS 8.8 | CWE-352 | v2.0.2 | 2024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1
nvd
CVE-2024-42606 | P4 | HIGH | CVSS 8.8 | CWE-352 | v2.0.2 | 2024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_log.php?clear=1
nvd
CVE-2024-42603 | P4 | HIGH | CVSS 8.8 | CWE-352 | v2.0.2 | 2024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearall
nvd
CVE-2012-2435 | P4 | MEDIUM | CVSS 6.5 | CWE-22 | ≤ 1.2.1 | v1.0.0 +14 more | 2012-05-27
Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha parameter to module.php, as demonstrated by cross-site request forgery (CSRF) attacks.
nvd
CVE-2009-4787 | P4 | MEDIUM | CVSS 6.8 | CWE-352 | ≤ 1.0.2 | v1.0.0 +1 more | 2010-04-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg before 1.0.3 allow remote attackers to hijack the authentication of administrators for requests that create user accounts or have unspecified other impact.
nvd
CVE-2009-4786 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 1.0.2 | v1.0.0 +5 more | 2010-04-21
Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/admin_config.php, (2) admin/admin_modules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submit_groups.php, (7) user_add_remove_links.php, and (8) user_settings.php.
nvd
CVE-2012-2936 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 1.2.1 | v1.0.0 +14 more | 2012-05-27
Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) page parameter to (a) admin/admin_comments.php or (b) admin/admin_links.php; or list parameter in a (3) move or (4) minimize action to (c) admin/admin_index.php.
nvd
CVE-2009-4788 | P4 | MEDIUM | CVSS 4.3 | CWE-20 | ≤ 1.0.2 | v1.0.0 +5 more | 2010-04-21
Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the (1) return parameter to pligg/login.php and the (2) HTTP Referer header to user_settings.php.
nvd