flatpress

Top products

The 15 most recently published vulnerabilities affecting flatpress.

• CVE-2025-44108A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a m...4.8May 19, 2025
• CVE-2025-29602flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Administration area via Manage categories.6.1May 7, 2025
• CVE-2024-4023Stored XSS in flatpressblog/flatpress8.1Mar 20, 2025
• CVE-2024-9699Cross-Site Scripting (XSS) in flatpressblog/flatpress5.4Mar 20, 2025
• CVE-2024-9847Cross-Site Request Forgery (CSRF) in flatpressblog/flatpress8.0Mar 20, 2025
• CVE-2025-25460A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript ...4.8Feb 24, 2025
• CVE-2024-41290FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component.8.1Oct 2, 2024
• CVE-2024-33210A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users.5.4Oct 2, 2024
• CVE-2024-33209FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the con...5.4Oct 2, 2024
• CVE-2024-31835Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter.4.8Oct 1, 2024
• CVE-2024-25412A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field.6.1Sep 27, 2024
• CVE-2024-25411A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php.6.1Sep 27, 2024
• CVE-2023-1148Cross-site Scripting (XSS) - Stored in flatpressblog/flatpress4.8Mar 2, 2023
• CVE-2023-1147Cross-site Scripting (XSS) - Stored in flatpressblog/flatpress5.4Mar 2, 2023
• CVE-2023-1146Cross-site Scripting (XSS) - Generic in flatpressblog/flatpress5.4Mar 2, 2023