Emlog Security Vulnerabilities (CVEs)

Track 33 security vulnerabilities affecting Emlog products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

10 Critical

9 High

14 Medium

Sort by:

🔔 Get Alerts for Emlog

CVE-2026-21432 5.4

Emlog 2.5.23 has a stored cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages. When executed, th...

Jan 2, 2026

CVE-2026-21433 7.7

Emlog versions up to 2.5.19 are vulnerable to server-side request forgery (SSRF) via malicious SVG file uploads. Attackers can upload crafted SVG file...

Jan 2, 2026

CVE-2026-21430 9.3

CVE-2026-21430 is a CSRF vulnerability in Emlog's article creation functionality that allows attackers to force users to post malicious articles. When...

Jan 2, 2026

CVE-2026-21431 5.4

Emlog 2.5.23 has a stored cross-site scripting vulnerability in the Resource Media Library function when publishing articles. This allows attackers to...

Jan 2, 2026

CVE-2026-21429 4.3

This vulnerability in Emlog CMS allows administrators to restrict users from editing or deleting their own published articles. It affects all users of...

Jan 2, 2026

CVE-2025-61318 9.1

Emlog Pro 2.5.20 contains an arbitrary file deletion vulnerability in admin/template.php and admin/plugin.php components. Attackers can exploit direct...

Dec 8, 2025

CVE-2025-62717 9.1

Emlog Pro 2.5.23 has a session verification code error that allows attackers to reuse email verification codes. This authentication bypass vulnerabili...

Oct 24, 2025

CVE-2025-60447 5.9

A stored XSS vulnerability in Emlog Pro 2.5.19 allows administrators to inject malicious HTML/JavaScript into email templates. This could lead to pers...

Oct 3, 2025

CVE-2025-61597 7.6

Emlog versions 2.5.21 and below contain a stored cross-site scripting (XSS) vulnerability in mail template settings. An attacker with admin access can...

Oct 3, 2025

CVE-2025-9296 4.7

Emlog Pro up to version 2.5.18 contains an unrestricted file upload vulnerability in the avatar update function. Attackers can remotely upload malicio...

Aug 21, 2025

CVE-2025-53926 6.1

Emlog website building system contains a reflected cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts via comm...

Jul 16, 2025

CVE-2025-53923 8.2

Emlog website building system contains a cross-site scripting (XSS) vulnerability in the keyword parameter that allows attackers to inject malicious J...

Jul 16, 2025

CVE-2025-5119 7.3

This critical SQL injection vulnerability in Emlog Pro allows remote attackers to manipulate database queries through the 'tag' parameter in api_contr...

May 23, 2025

CVE-2025-47786 4.8

Emlog 2.5.13 has a stored XSS vulnerability where any registered user can inject malicious JavaScript via the 'perpage_num' parameter in comment.php. ...

May 15, 2025

CVE-2025-47787 9.8

Emlog Pro versions before 2.5.10 contain a critical file upload vulnerability in the store.php component that fails to properly validate remotely down...

May 15, 2025

CVE-2025-47784 9.8

Emlog versions 2.5.13 and prior contain a deserialization vulnerability where a user can craft a malicious nickname to cause deserialization failure. ...

May 15, 2025

CVE-2025-30372 9.8

Emlog Pro versions 2.5.7 and 2.5.8 contain an SQL injection vulnerability in search_controller.php due to improper input sanitization. Attackers can b...

Mar 28, 2025

CVE-2025-25818 5.1

This cross-site scripting (XSS) vulnerability in Emlog Pro allows attackers to inject malicious scripts into blog posts via the postStrVar function. A...

Feb 26, 2025

CVE-2025-25823 7.3

This cross-site scripting vulnerability in Emlog Pro v2.5.4 allows attackers to inject malicious scripts into article headers via the admin interface....

Feb 26, 2025

CVE-2025-25825 7.1

This cross-site scripting vulnerability in Emlog Pro v2.5.4 allows attackers to inject malicious scripts into article category titles, which then exec...

Feb 26, 2025

CVE-2025-25827 6.8

This Server-Side Request Forgery vulnerability in Emlog Pro allows attackers to make the vulnerable server send requests to internal network resources...

Feb 26, 2025

CVE-2024-12843 4.3

This is a cross-site scripting (XSS) vulnerability in Emlog Pro's admin plugin management interface. Attackers can inject malicious scripts via the 'f...

Dec 20, 2024

CVE-2024-12842 4.3

This vulnerability allows attackers to inject malicious scripts via the 'keyword' parameter in Emlog Pro's /admin/user.php file, leading to cross-site...

Dec 20, 2024

CVE-2024-12841 4.3

This vulnerability allows attackers to inject malicious scripts into Emlog Pro blog management systems through the tag.php admin interface. Remote att...

Dec 20, 2024

CVE-2024-31612 6.5

Emlog Pro 2.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in twitter.php that can be combined with Cross-Site Scripting (XSS) to access...

Jun 10, 2024

CVE-2024-33752 6.3

This vulnerability allows remote attackers to upload arbitrary files to emlog Pro installations, potentially leading to remote code execution. Attacke...

May 6, 2024

CVE-2023-41623 7.2

Emlog Pro version 2.1.14 contains a SQL injection vulnerability in the uid parameter at /admin/media.php. This allows attackers to execute arbitrary S...

Dec 12, 2023

CVE-2023-44973 9.8

This vulnerability allows attackers to upload arbitrary PHP files to Emlog Pro's template directory, leading to remote code execution. It affects Emlo...

Oct 3, 2023

CVE-2023-43291 9.8

CVE-2023-43291 is a critical deserialization vulnerability in emlog pro CMS that allows remote attackers to execute arbitrary code on affected systems...

Sep 27, 2023

CVE-2023-39121 7.2

CVE-2023-39121 is a SQL injection vulnerability in emlog v2.1.9 that allows attackers to execute arbitrary SQL commands via the /admin/user.php compon...

Aug 3, 2023

CVE-2020-19028 7.5

This vulnerability allows remote attackers to upload arbitrary files via the /admin/plugin.php endpoint in EmlogCMS v6.0.0. Attackers can gain unautho...

Jun 5, 2023

CVE-2021-40883 9.8

This vulnerability allows unauthenticated attackers to upload malicious PHP files through the plugin upload functionality in emlog, leading to remote ...

Dec 14, 2021

CVE-2020-21585 9.8

CVE-2020-21585 is a critical vulnerability in emlog v6.0.0 that allows authenticated users to upload malicious PHP webshells via the zip plugin module...

Apr 2, 2021

Why Monitor Emlog Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 33+ known vulnerabilities affecting Emlog products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Emlog packages in under 60 seconds. No agents required - completely agentless scanning that works across Emlog deployments.

Free vulnerability database: Access detailed information about every Emlog CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

Register free account & add your servers
Run one-time scan or schedule automatic monitoring (every 1-24 hours)
Receive instant alerts when new Emlog CVEs affect your systems
Access dashboard with severity breakdown & fix instructions

Start Monitoring Emlog CVEs Free