cksource

Top products

The 9 most recently published vulnerabilities affecting cksource.

• CVE-2025-13980CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-1185.3Jan 28, 2026
• CVE-2016-20023In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided.5.0Dec 5, 2025
• CVE-2025-63830CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.6.1Nov 14, 2025
• CVE-2024-13245CKEditor 4 LTS - WYSIWYG HTML editor - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-0095.4Jan 9, 2025
• CVE-2023-4771Cross-Site Scripting vulnerability in CKSource CKEditor6.1Nov 16, 2023
• CVE-2011-4972hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request.7.5Nov 13, 2019
• CVE-2019-15891An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletpro...5.3Sep 26, 2019
• CVE-2019-15862An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept fi...7.5Sep 26, 2019
• CVE-2015-9349The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser.6.1Aug 27, 2019