threat
engine
.sh
Back
·
··:··
Home
/
Product
/
wbce cms
Product
wbce cms
40 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2022-50936
all versions
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious dro
8.8
HIGH
CVE-2023-53910
all versions
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaSc
5.4
MEDIUM
CVE-2023-53909
all versions
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaSc
5.4
MEDIUM
CVE-2023-53901
all versions
WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture use
5.4
MEDIUM
CVE-2025-34506
<= 1.6.3
WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to uploa
8.8
HIGH
CVE-2024-58283
all versions
WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP
8.8
HIGH
CVE-2025-65950
< 1.6.5
WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authentic
8.8
HIGH
CVE-2025-67504
< 1.6.5
WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using
9.1
CRITICAL
CVE-2025-66204
< 1.6.5
WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely
8.1
HIGH
CVE-2025-65094
< 1.6.4
WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges t
8.8
HIGH
CVE-2023-39796
all versions
SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary
9.8
CRITICAL
CVE-2023-46054
<= 1.6.1
Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a craf
5.4
MEDIUM
CVE-2023-43871
all versions
A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
5.4
MEDIUM
CVE-2023-38947
all versions
An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbi
7.2
HIGH
CVE-2023-29855
all versions
WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php.
7.2
HIGH
CVE-2022-46020
all versions
WBCE CMS v1.5.4 can implement getshell by modifying the upload file type.
9.8
CRITICAL
CVE-2022-45040
all versions
A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitr
5.4
MEDIUM
CVE-2022-45039
all versions
An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code
7.2
HIGH
CVE-2022-45038
all versions
A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary we
5.4
MEDIUM
CVE-2022-45037
all versions
A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web
5.4
MEDIUM
CVE-2022-45036
all versions
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary
5.4
MEDIUM
CVE-2022-45017
<= 1.5.4
A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arb
4.8
MEDIUM
CVE-2022-45016
<= 1.5.4
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary
4.8
MEDIUM
CVE-2022-45015
<= 1.5.4
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary
4.8
MEDIUM
CVE-2022-45014
<= 1.5.4
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary
4.8
MEDIUM
CVE-2022-45013
<= 1.5.4
A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbit
4.8
MEDIUM
CVE-2022-45012
<= 1.5.4
A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web
4.8
MEDIUM
CVE-2022-4006
all versions
A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increase_
3.7
LOW
CVE-2022-30072
all versions
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters.
5.4
MEDIUM
CVE-2022-30073
all versions
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php.
5.4
MEDIUM
CVE-2022-28477
all versions
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS).
6.1
MEDIUM
CVE-2022-25101
all versions
A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafte
7.8
HIGH
CVE-2022-25099
all versions
A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted
7.8
HIGH
CVE-2021-3817
< 1.5.2
wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
9.8
CRITICAL
CVE-2019-17575
<= 1.4.0
A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authentica
7.2
HIGH
CVE-2018-6313
all versions
Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via
4.8
MEDIUM
CVE-2017-1000213
all versions
WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search
4.8
MEDIUM
CVE-2017-2120
<= 1.1.10
SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL
7.2
HIGH
CVE-2017-2119
<= 1.1.10
Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified v
8.6
HIGH
CVE-2017-2118
<= 1.1.10
Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML v
6.1
MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin