📦 Flatpress
by Flatpress
🛡️ Security Overview
⚠️ Known Vulnerabilities
This CVE describes a path traversal vulnerability in FlatPress blogging software that allows attackers to read arbitrary files on the server. It affects all FlatPress installations prior to version 1....
FlatPress CMS has a CSRF vulnerability that allows attackers to enable or disable plugins on behalf of authenticated users. Attackers can craft malicious links that, when clicked by logged-in administ...
FlatPress CMS v1.3.1 stores authentication data insecurely in cookies, potentially allowing attackers to steal session information and impersonate users. This affects all installations using the vulne...
This vulnerability allows attackers to control file paths in FlatPress blog software, potentially leading to arbitrary file read or write operations. It affects all FlatPress installations prior to ve...
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 that allows attackers to trick authenticated administrators into performing unauthorized file deletions via the De...
FlatPress 1.3.1 contains a cross-site scripting vulnerability in the administration panel's category management feature. This allows attackers to inject malicious scripts that execute when administrat...
A stored Cross-Site Scripting (XSS) vulnerability in FlatPress CMS allows attackers to upload malicious files with JavaScript payloads in filenames. When other users access these files, the payload ex...
CVE-2024-33209 is a stored XSS vulnerability in FlatPress v1.3 that allows attackers to inject malicious JavaScript into blog entries. When victims view compromised entries, the attacker's code execut...
This cross-site scripting (XSS) vulnerability in FlatPress v1.3 allows attackers to inject malicious scripts into the email field, which then execute in victims' browsers. Any FlatPress v1.3 installat...