
bludit

42 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE | Affected versions | Score | Summary
CVE-2026-4420 | all versions | 5.4 MEDIUM | Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its page creating functionality. An authenticated attacker with page
CVE-2026-25101 | < 3.17.2 | 9.8 CRITICAL | Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authent
CVE-2026-25100 | < 3.18.2 | 5.4 MEDIUM | Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its image upload functionality. An authenticated attacker with conten
CVE-2026-25099 | < 3.18.4 | 8.8 HIGH | Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension without re
CVE-2026-27742 | < 3.16.2 | 5.4 MEDIUM | Bludit version 3.16.2 contains a stored cross-site scripting (XSS) vulnerability in the post content functionality. The applicatio
CVE-2026-27741 | all versions | 4.3 MEDIUM | Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin/uninstall-plugin/ and /admin/instal
CVE-2023-53907 | < 3.13.1 | 6.5 MEDIUM | Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in user
CVE-2024-24554 | >= 3.14.0 and <= 3.15.0 | 8.2 HIGH | Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token a
CVE-2024-24553 | >= 3.14.0 and <= 3.15.0 | 7.5 HIGH | Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute
CVE-2024-24552 | >= 3.14.0 and <= 3.15.0 | 8.8 HIGH | A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administr
CVE-2024-24551 | <= 3.15.0 | 8.8 HIGH | A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Ima
CVE-2024-24550 | >= 3.14.0 and <= 3.15.0 | 8.1 HIGH | A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary fil
CVE-2024-25297 | all versions | 4.8 MEDIUM | Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain
CVE-2023-24675 | all versions | 4.8 MEDIUM | Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly UR
CVE-2023-24674 | all versions | 7.8 HIGH | Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter.
CVE-2020-20210 | all versions | 8.8 HIGH | Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images.
CVE-2023-34845 | all versions | 5.4 MEDIUM | Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerab
CVE-2023-31698 | all versions | 5.4 MEDIUM | Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is
CVE-2023-31572 | all versions | 8.8 HIGH | An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a cr
CVE-2020-19228 | all versions | 7.2 HIGH | An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files.
CVE-2022-1590 | all versions | 3.5 LOW | A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/ne
CVE-2021-45745 | <= 3.13.1 | 5.4 MEDIUM | A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel.
CVE-2021-45744 | <= 3.13.1 | 5.4 MEDIUM | A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel.
CVE-2021-35323 | all versions | 6.1 MEDIUM | Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.
CVE-2020-20495 | all versions | 9.1 CRITICAL | bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup` parameter.
CVE-2020-18879 | all versions | 9.8 CRITICAL | Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the c
CVE-2021-25808 | all versions | 7.8 HIGH | A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP
CVE-2020-23765 | all versions | 7.2 HIGH | A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker
CVE-2020-18190 | all versions | 9.1 CRITICAL | Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profi
CVE-2020-15026 | all versions | 4.9 MEDIUM | Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via
CVE-2020-15006 | all versions | 5.4 MEDIUM | Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php.
CVE-2020-13889 | all versions | 5.4 MEDIUM | showAlert() in the administration panel in Bludit 3.12.0 allows XSS.
CVE-2020-8812 | all versions | 5.4 MEDIUM | Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective i
CVE-2020-8811 | all versions | 4.3 MEDIUM | ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures.
CVE-2019-17240 | all versions | 9.8 CRITICAL | bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different
CVE-2019-16334 | all versions | 4.8 MEDIUM | In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories - Add New Category - Name field. NOTE: this may overla
CVE-2019-16113 | all versions | 8.8 HIGH | Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file na
CVE-2019-12742 | < 3.9.1 | 8.8 HIGH | Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of
CVE-2019-12548 | < 3.9.0 | 8.8 HIGH | Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through
CVE-2018-1000811 | all versions | 8.8 HIGH | bludit version 3.0.0 contains an Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor th
CVE-2018-16313 | all versions | 6.1 MEDIUM | Bludit 2.3.4 allows XSS via a user name.
CVE-2017-16636 | all versions | 5.4 MEDIUM | In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message co
threatengine.sh