
flatpress

36 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-44108
< 1.4
A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery c
4.8 MEDIUM
CVE-2025-29602
<= 1.3.1
flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Administration area via Manage categories.
6.1 MEDIUM
CVE-2024-9847
< 1.4
FlatPress CMS version latest is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow an attacker to enable or disabl
8.0 HIGH
CVE-2024-9699
< 1.4
A vulnerability in the file upload functionality of the FlatPress CMS admin panel (version latest) allows an attacker to upload a
5.4 MEDIUM
CVE-2024-4023
all versions
A stored cross-site scripting (XSS) vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a
8.1 HIGH
CVE-2025-25460
all versions
A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerabi
4.8 MEDIUM
CVE-2024-41290
all versions
FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component.
8.1 HIGH
CVE-2024-33210
all versions
A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject m
5.4 MEDIUM
CVE-2024-33209
all versions
FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Ent
5.4 MEDIUM
CVE-2024-31835
< 1.3
Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafte
4.8 MEDIUM
CVE-2024-25412
< 1.3
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a craft
6.1 MEDIUM
CVE-2024-25411
< 1.3
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a craft
6.1 MEDIUM
CVE-2023-1148
< 1.3
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
4.8 MEDIUM
CVE-2023-1147
< 1.3
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
5.4 MEDIUM
CVE-2023-1146
< 1.3
Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3.
5.4 MEDIUM
CVE-2023-1107
< 1.3
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
5.4 MEDIUM
CVE-2023-1106
< 1.3
Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3.
6.1 MEDIUM
CVE-2023-1105
< 2022-12-25
External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3.
8.1 HIGH
CVE-2023-1104
< 1.3
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
5.4 MEDIUM
CVE-2023-0947
<= 1.2.1
Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.
9.8 CRITICAL
CVE-2022-4822
all versions
A vulnerability, which was classified as problematic, has been found in FlatPress. This issue affects some unknown processing of t
2.4 LOW
CVE-2022-4821
all versions
A vulnerability classified as problematic was found in FlatPress. This vulnerability affects the function onupload of the file adm
2.4 LOW
CVE-2022-4820
all versions
A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry
3.5 LOW
CVE-2022-4755
all versions
A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/
3.5 LOW
CVE-2022-4748
all versions
A vulnerability was found in FlatPress. It has been classified as critical. This affects the function doItemActions of the file fp
5.5 MEDIUM
CVE-2022-4605
<= 1.2.1
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
5.4 MEDIUM
CVE-2022-4606
<= 1.2.1
PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3.
9.8 CRITICAL
CVE-2022-40047
all versions
Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpre
5.4 MEDIUM
CVE-2022-40048
all versions
Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function.
7.2 HIGH
CVE-2021-41432
all versions
A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript comm
5.4 MEDIUM
CVE-2022-24588
all versions
Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function.
5.4 MEDIUM
CVE-2020-22761
all versions
Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php.
8.8 HIGH
CVE-2020-35241
all versions
FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker
4.8 MEDIUM
CVE-2014-100036
all versions
Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the
CVE-2009-4461
all versions
Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 allow remote attackers to inject arbitrary web script or HT
CVE-2008-4120
all versions
Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HT
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin