Home/Product/wtcms project wtcms
Product

wtcms project wtcms

18 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-13786
<= 2019-12-20
A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the
7.3HIGH
 CVE-2025-13783
<= 2019-12-20
A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. This affects the function chec
6.3MEDIUM
 CVE-2025-13782
<= 2019-12-20
A vulnerability was identified in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Affected by this issue is the funct
7.3HIGH
 CVE-2024-48239
all versions
An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, r
4.8MEDIUM
 CVE-2024-48238
all versions
WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.class.php via the parentid parame
4.7MEDIUM
 CVE-2024-48237
all versions
WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.php.
9.8CRITICAL
 CVE-2020-20349
all versions
WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link address field under the background links module.
5.4MEDIUM
 CVE-2020-20348
all versions
WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module
5.4MEDIUM
 CVE-2020-20347
all versions
WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the source field under the article management module.
5.4MEDIUM
 CVE-2020-20345
all versions
WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers
5.4MEDIUM
 CVE-2020-20344
all versions
WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the keyword search function under the background artic
5.4MEDIUM
 CVE-2020-20343
all versions
WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allo
6.5MEDIUM
 CVE-2019-16719
all versions
WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS.
6.5MEDIUM
 CVE-2019-8911
all versions
An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code).
6.1MEDIUM
 CVE-2019-8910
all versions
An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.
8.8HIGH
 CVE-2019-8909
all versions
An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consumption) via crafted d
7.5HIGH
 CVE-2019-8908
all versions
An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting - Mailbox
9.8CRITICAL
 CVE-2018-10267
all versions
WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI.
8.8HIGH
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Coverage report
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh