CVE-2020-22761 — CVSS 8.8 (high): Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php.
CVE-2024-4023 — CVSS 8.1 (high): A stored cross-site scripting (XSS) vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a `.xsig`…
CVE-2024-41290 — CVSS 8.1 (high): FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component.
CVE-2023-1105 — CVSS 8.1 (high): External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2024-9847 — CVSS 8.0 (high): FlatPress CMS version latest is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow an attacker to enable or disable plugins…
CVE-2022-40048 — CVSS 7.2 (high): Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function.
CVE-2024-25411 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted…
CVE-2024-25412 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted…
CVE-2025-29602 — CVSS 6.1 (medium): flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Administration area via Manage categories.
CVE-2023-1106 — CVSS 6.1 (medium): Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2022-4748 — CVSS 5.5 (medium): A vulnerability was found in FlatPress. It has been classified as critical. This affects the function doItemActions of the file…
CVE-2022-40047 — CVSS 5.4 (medium): Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at…
CVE-2024-33210 — CVSS 5.4 (medium): A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious…
CVE-2022-24588 — CVSS 5.4 (medium): Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function.
CVE-2024-9699 — CVSS 5.4 (medium): A vulnerability in the file upload functionality of the FlatPress CMS admin panel (version latest) allows an attacker to upload a file with…
CVE-2024-33209 — CVSS 5.4 (medium): FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry"…
CVE-2021-41432 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands…
CVE-2025-44108 — CVSS 4.8 (medium): A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions…
CVE-2020-35241 — CVSS 4.8 (medium): FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject…
CVE-2024-31835 — CVSS 4.8 (medium): Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload…
CVE-2025-25460 — CVSS 4.8 (medium): A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability…
CVE-2014-100036 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content…
CVE-2008-4120 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HTML via…
CVE-2009-4461 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 allow remote attackers to inject arbitrary web script or HTML via…
CVE-2022-4820 — CVSS 3.5 (low): A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.ent…
CVE-2022-4755 — CVSS 3.5 (low): A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file…
CVE-2022-4821 — CVSS 2.4 (low): A vulnerability classified as problematic was found in FlatPress. This vulnerability affects the function onupload of the file…
CVE-2022-4822 — CVSS 2.4 (low): A vulnerability, which was classified as problematic, has been found in FlatPress. This issue affects some unknown processing of the file…