Microweber Security Vulnerabilities (CVEs)

Track 21 security vulnerabilities affecting Microweber products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

3 Critical

11 High

7 Medium

Sort by:

🔔 Get Alerts for Microweber

CVE-2024-58289 5.4

Microweber 2.0.15 contains a stored cross-site scripting vulnerability in user profile fields that allows authenticated attackers to inject malicious ...

Dec 11, 2025

CVE-2025-60954 8.3

Microweber CMS 2.0 has weak password requirements that allow users to set extremely simple passwords during password resets, including single-characte...

Oct 24, 2025

CVE-2025-51501 6.1

This reflected XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious JavaScript via the id parameter in the live_edit.module_se...

Aug 1, 2025

CVE-2025-51502 6.1

This vulnerability allows attackers to inject malicious JavaScript via the layout parameter on the admin page creation interface in Microweber CMS. Wh...

Aug 1, 2025

CVE-2025-51504 7.6

Microweber CMS 2.0 contains a stored cross-site scripting (XSS) vulnerability in the profile page's last name field. This allows attackers to inject m...

Aug 1, 2025

CVE-2025-34076 7.2

An authenticated local file inclusion vulnerability in Microweber CMS allows authenticated users to read arbitrary files from the filesystem. Attacker...

Jul 2, 2025

CVE-2024-33298 6.1

Microweber v2.0.9 contains a cross-site scripting (XSS) vulnerability in the backup creation function that allows remote attackers to inject malicious...

Jan 10, 2025

CVE-2024-40101 6.1

This vulnerability allows unauthenticated remote attackers to inject malicious scripts into the '/search' page of Microweber CMS via the 'keywords' pa...

Aug 6, 2024

CVE-2024-41381 6.1

Microweber 2.0.16 contains a stored cross-site scripting (XSS) vulnerability in the admin.php settings module that allows attackers to inject maliciou...

Aug 5, 2024

CVE-2023-49052 8.8

This vulnerability allows remote attackers to upload malicious files through Microweber's forms component, leading to arbitrary code execution. It aff...

Nov 30, 2023

CVE-2023-5318 7.5

CVE-2023-5318 involves hard-coded credentials in Microweber CMS versions before 2.0, allowing attackers to gain unauthorized access to affected system...

Sep 30, 2023

CVE-2023-2240 8.8

This vulnerability allows improper privilege management in Microweber CMS, enabling attackers to escalate privileges or perform unauthorized actions. ...

Apr 22, 2023

CVE-2023-1877 9.8

This CVE describes a command injection vulnerability in Microweber CMS versions prior to 1.3.3. Attackers can execute arbitrary operating system comma...

Apr 5, 2023

CVE-2021-36461 8.8

Microweber 1.1.3 has an arbitrary file upload vulnerability that allows attackers to upload malicious files disguised as pictures, potentially leading...

Jul 15, 2022

CVE-2022-0913 7.5

This integer overflow vulnerability in Microweber CMS allows attackers to cause denial of service or potentially execute arbitrary code by triggering ...

Mar 11, 2022

CVE-2022-0895 9.8

CVE-2022-0895 is a static code injection vulnerability in Microweber CMS prior to version 1.3, allowing attackers to inject malicious code into static...

Mar 10, 2022

CVE-2022-0777 7.5

This vulnerability allows attackers to bypass password recovery mechanisms in Microweber CMS, potentially gaining unauthorized access to user accounts...

Mar 1, 2022

CVE-2022-0666 7.5

This CVE describes a CRLF injection vulnerability in Microweber CMS that allows attackers to inject carriage return and line feed characters into HTTP...

Feb 18, 2022

CVE-2022-0282 4.3

This CVE describes a cross-site scripting (XSS) vulnerability in Microweber CMS versions prior to 1.2.11. Attackers can inject malicious scripts into ...

Jan 20, 2022

CVE-2022-0281 7.5

CVE-2022-0281 is an information disclosure vulnerability in Microweber CMS that exposes sensitive information to unauthorized actors. This affects all...

Jan 20, 2022

CVE-2020-23138 9.8

This vulnerability allows attackers to upload malicious PHP files disguised as JPEG images to Microweber's admin panel. Attackers can execute arbitrar...

Nov 9, 2020

Why Monitor Microweber Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 21+ known vulnerabilities affecting Microweber products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Microweber packages in under 60 seconds. No agents required - completely agentless scanning that works across Microweber deployments.

Free vulnerability database: Access detailed information about every Microweber CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

Register free account & add your servers
Run one-time scan or schedule automatic monitoring (every 1-24 hours)
Receive instant alerts when new Microweber CVEs affect your systems
Access dashboard with severity breakdown & fix instructions

Start Monitoring Microweber CVEs Free