Search
Search Results (6 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60790 | 1 Processwire | 1 Processwire | 2025-10-23 | 6.5 Medium |
| ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service. | ||||
| CVE-2023-24676 | 1 Processwire | 1 Processwire | 2025-10-17 | 7.2 High |
| An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a ProcessWire admin is intentionally allowed to install any module that contains any arbitrary code. | ||||
| CVE-2024-41597 | 1 Processwire | 1 Processwire | 2025-07-09 | 4.2 Medium |
| Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality. | ||||
| CVE-2022-40488 | 1 Processwire | 1 Processwire | 2025-05-06 | 6.5 Medium |
| ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF). | ||||
| CVE-2022-40487 | 1 Processwire | 1 Processwire | 2025-05-06 | 6.1 Medium |
| ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload. | ||||
| CVE-2020-27467 | 1 Processwire | 1 Processwire | 2024-11-21 | 7.5 High |
| A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php. | ||||
Page 1 of 1.