Every CVE whose affected-product data names Monstra Monstra Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2018-11678 — CVSS 9.8 (critical): plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie.
CVE-2020-23219 — CVSS 8.8 (high): Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit…
CVE-2025-69906 — CVSS 8.8 (high): Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based…
CVE-2020-13978 — CVSS 7.2 (high): Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute…
CVE-2020-20691 — CVSS 6.5 (medium): An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and…
CVE-2020-23205 — CVSS 5.4 (medium): A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML…
CVE-2018-19599 — CVSS 5.4 (medium): Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/index.php?id=filesmanager&path=uploads/ URI. NOTE: this is a…