Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Flatpress Subscribe
Filtered by product Flatpress
Total 28 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-4748 1 Flatpress 1 Flatpress 2024-11-21 N/A 5.5 MEDIUM
A vulnerability was found in FlatPress. It has been classified as critical. This affects the function doItemActions of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component File Delete Handler. The manipulation of the argument deletefile leads to path traversal. The name of the patch is 5d5c7f6d8f072d14926fc2c3a97cdd763802f170. It is recommended to apply a patch to fix this issue. The identifier VDB-216861 was assigned to this vulnerability.
CVE-2022-4606 1 Flatpress 1 Flatpress 2024-11-21 N/A 9.8 CRITICAL
PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2022-4605 1 Flatpress 1 Flatpress 2024-11-21 N/A 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2022-40048 1 Flatpress 1 Flatpress 2024-11-21 N/A 7.2 HIGH
Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function.
CVE-2022-40047 1 Flatpress 1 Flatpress 2024-11-21 N/A 5.4 MEDIUM
Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php.
CVE-2022-24588 1 Flatpress 1 Flatpress 2024-11-21 3.5 LOW 5.4 MEDIUM
Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function.
CVE-2021-41432 1 Flatpress 1 Flatpress 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content.
CVE-2020-22761 1 Flatpress 1 Flatpress 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php.