Product
processwire
6 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-60790
CVE-2024-41597
CVE-2023-24676
CVE-2022-40488
CVE-2022-40487
CVE-2020-27467
<= 3.0.246
ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extra
all versions
Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted
all versions
An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_
all versions
ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).
all versions
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search
>= 2.0.0 and < 2.7.1
A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php.