CVE Tools

ghost foundation

Web & CMS Pluginsoss-project

4

Cumulative CVEs

1

Monthly snapshots

#133

Peak rank

Top products

Latest CVEs

The 10 most recently published vulnerabilities affecting ghost foundation.

CVE-2026-26980Ghost has a SQL Injection in its Content API9.4Feb 20, 2026
CVE-2024-34559WordPress Ghost plugin <= 1.4.0 - Sensitive Data Exposure via Log File vulnerability7.5May 9, 2024
CVE-2024-23724Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact wit...9.0Feb 11, 2024
CVE-2022-43441A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An at...8.1Mar 16, 2023
CVE-2022-47197An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascr...5.4Jan 19, 2023
CVE-2022-47195An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascr...5.4Jan 19, 2023
CVE-2022-47196An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascr...5.4Jan 19, 2023
CVE-2022-47194An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascr...5.4Jan 19, 2023
CVE-2022-41697A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker c...5.3Dec 23, 2022
CVE-2022-41654An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An att...4.3Dec 23, 2022