Plone Volto vulnerabilities
3 known vulnerabilities affecting plone/volto.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH: 3
Vulnerabilities
CVE-2025-61668 | HIGH | CVSS 8.7 | fixed in 16.34.1 | affected: >= 17.0.0, < 17.22.2 (+2 more ranges) | published 2025-10-02
CVE-2025-61668 [HIGH] CWE-476 (NULL pointer dereference)
Volto is a ReactJS-based frontend for the Plone Content Management System. In versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. This issue is fixed in versions 16.34.1, 17.2 [...]
CVE-2025-58047 | HIGH | CVSS 7.5 | fixed in 16.34.0 | affected: >= 17.0.0, < 17.22.1 (+2 more ranges) | published 2025-08-28
CVE-2025-58047 [HIGH] CWE-755 (improper handling of exceptional conditions)
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in ve [...]
CVE-2022-24740 | HIGH | CVSS 7.5 | affected: >= 14.1.0, <= 14.10.0; 14.0.0 (+2 more ranges) | published 2022-03-14
CVE-2022-24740 [HIGH] CWE-287 (improper authentication)
Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and privileges. This occurs when using an outdated version of [...]
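As an added example, not code from this page or from the Volto project: a small JavaScript check that parses a Volto version string (including pre-release tags such as 19.0.0-alpha.3) using semver 2.0.0 precedence and reports which of the three advisories above list that version as affected. The affected ranges are transcribed from the advisory text on this page only as far as the page states them (the truncated fix versions are not guessed). For CVE-2022-24740 the text says only "between 14.0.0-alpha.5 and 15.0.0-alpha.0", so reading the lower bound as inclusive and the upper as exclusive is an assumption. The function names (`compareSemver`, `affectedCves`) and the sample version on the command line are the example's own.

```javascript
// Added example, not Volto project code: does an installed Volto version fall in
// any of the affected ranges listed on this page? Comparison follows semver 2.0.0
// precedence so pre-release tags (19.0.0-alpha.3) sort below the matching release.

function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  if (!m) throw new Error(`not a semver string: ${v}`);
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] ? m[4].split('.') : null };
}

// Compare two pre-release identifiers: numeric ones compare numerically and sort
// before alphanumeric ones; alphanumeric ones compare as ASCII strings.
function cmpIdent(a, b) {
  const an = /^\d+$/.test(a), bn = /^\d+$/.test(b);
  if (an && bn) return Number(a) - Number(b);
  if (an) return -1;
  if (bn) return 1;
  return a < b ? -1 : a > b ? 1 : 0;
}

// Negative if x < y, zero if equal, positive if x > y.
function compareSemver(x, y) {
  const a = parseSemver(x), b = parseSemver(y);
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] - b.core[i];
  }
  if (!a.pre && !b.pre) return 0;
  if (!a.pre) return 1;   // a release outranks any pre-release of the same core
  if (!b.pre) return -1;
  const n = Math.min(a.pre.length, b.pre.length);
  for (let i = 0; i < n; i++) {
    const c = cmpIdent(a.pre[i], b.pre[i]);
    if (c !== 0) return c;
  }
  return a.pre.length - b.pre.length;  // longer pre-release list wins when the prefix ties
}

// A range is [min, max] with per-endpoint inclusivity; min === null means "every version below max".
function range(min, minInclusive, max, maxInclusive) {
  return { min, minInclusive, max, maxInclusive };
}

function inRange(version, r) {
  if (r.min !== null) {
    const c = compareSemver(version, r.min);
    if (c < 0 || (c === 0 && !r.minInclusive)) return false;
  }
  const c = compareSemver(version, r.max);
  return c < 0 || (c === 0 && r.maxInclusive);
}

// Affected ranges transcribed from the advisory text on this page.
const ADVISORIES = [
  { id: 'CVE-2025-61668', ranges: [
    range(null, false, '16.34.0', true),                    // "16.34.0 and below"
    range('17.0.0', true, '17.22.1', true),                 // "17.0.0 through 17.22.1"
    range('18.0.0', true, '18.27.1', true),                 // "18.0.0 through 18.27.1"
    range('19.0.0-alpha.1', true, '19.0.0-alpha.5', true),  // "19.0.0-alpha.1 through 19.0.0-alpha.5"
  ] },
  { id: 'CVE-2025-58047', ranges: [
    range(null, false, '16.34.0', false),                   // "prior to 16.34.0"
    range('17.0.0', true, '17.22.1', false),                // "17.0.0 to before 17.22.1"
    range('18.0.0', true, '18.24.0', false),                // "18.0.0 to before 18.24.0"
    range('19.0.0-alpha.1', true, '19.0.0-alpha.4', false), // "19.0.0-alpha.1 to before 19.0.0-alpha.4"
  ] },
  { id: 'CVE-2022-24740', ranges: [
    // "Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0": inclusive lower bound and
    // exclusive upper bound are an assumption; the page does not say.
    range('14.0.0-alpha.5', true, '15.0.0-alpha.0', false),
  ] },
];

// Returns the IDs of the advisories on this page whose ranges contain `version`.
function affectedCves(version) {
  return ADVISORIES
    .filter(a => a.ranges.some(r => inRange(version, r)))
    .map(a => a.id);
}

// Stand-alone usage: node check-volto.js 18.23.9
if (typeof require !== 'undefined' && require.main === module) {
  const v = process.argv[2] || '18.23.9';
  const hits = affectedCves(v);
  console.log(hits.length ? `${v} is affected by ${hits.join(', ')}` : `${v} is not in any listed range`);
}
```

Two things worth noting when using such a check: the lower-bounded "16.34.0 and below" range for CVE-2025-61668 means every 14.x and 15.x release is reported as affected by it too, which is what the advisory says; and a 16.34.0 install is flagged for CVE-2025-61668 but not for CVE-2025-58047, because the second advisory's fix landed in 16.34.0 itself.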