Latest flatpress flatpress Vulnerabilities

CVE-2023-1147
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
Flatpress Flatpress<1.3
CVE-2023-1148
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
Flatpress Flatpress<1.3
CVE-2023-1146
Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3.
Flatpress Flatpress<1.3
CVE-2023-1107
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
Flatpress Flatpress<1.3
CVE-2023-1106
Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3.
Flatpress Flatpress<1.3
CVE-2023-1104
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
Flatpress Flatpress<1.3
CVE-2023-1105
External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3.
Flatpress Flatpress<2022-12-25
CVE-2023-0947
Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.
Flatpress Flatpress<=1.2.1
CVE-2022-4822
A vulnerability, which was classified as problematic, has been found in FlatPress. This issue affects some unknown processing of the file setup/lib/main.lib.php of the component Setup. The manipulatio...
Flatpress Flatpress
CVE-2022-4821
A vulnerability classified as problematic was found in FlatPress. This vulnerability affects the function onupload of the file admin/panels/uploader/admin.uploader.php of the component XML File Handle...
Flatpress Flatpress
CVE-2022-4820
A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation le...
Flatpress Flatpress
CVE-2022-4755
A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media...
Flatpress Flatpress
CVE-2022-4748
A vulnerability was found in FlatPress. It has been classified as critical. This affects the function doItemActions of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the compon...
Flatpress Flatpress
CVE-2022-4605
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
Flatpress Flatpress<=1.2.1
CVE-2022-4606
PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3.
Flatpress Flatpress<=1.2.1
CVE-2022-40047
Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php.
Flatpress Flatpress=1.2.1
=1.2.1
CVE-2022-40048
Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function.
Flatpress Flatpress=1.2.1
=1.2.1
CVE-2021-41432
A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content.
Flatpress Flatpress=1.2.1
CVE-2022-24588
Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function.
Flatpress Flatpress=1.2.1
CVE-2020-22761
Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php.
Flatpress Flatpress=1.1
=1.1
CVE-2020-35241
FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each ti...
Flatpress Flatpress=1.0.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203