CVE Tools

wtcms project

Web & CMS Pluginsoss-project

10

Cumulative CVEs

2

Monthly snapshots

#84

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting wtcms project.

CVE-2025-13786taosir WTCMS index.php fetch code injection7.3Nov 30, 2025
CVE-2025-13783taosir WTCMS CommentadminController CommentadminController.class.php delete sql injection6.3Nov 30, 2025
CVE-2025-13782taosir WTCMS SlideController SlideController.class.php delete sql injection7.3Nov 30, 2025
CVE-2024-48239An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS).4.8Oct 25, 2024
CVE-2024-48238WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.class.php via the parentid parameter.4.7Oct 25, 2024
CVE-2024-48237WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.php.9.8Oct 25, 2024
CVE-2020-20349WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link address field under the background links module.5.4Sep 1, 2021
CVE-2020-20348WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module.5.4Sep 1, 2021
CVE-2020-20347WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the source field under the article management module.5.4Sep 1, 2021
CVE-2020-20345WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box.5.4Sep 1, 2021
CVE-2020-20344WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the keyword search function under the background articles module.5.4Sep 1, 2021
CVE-2020-20343WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator backg...6.5Sep 1, 2021
CVE-2019-16719WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS.6.5Sep 23, 2019
CVE-2019-8911An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code).6.1Feb 18, 2019
CVE-2019-8910An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.8.8Feb 18, 2019