Every CVE whose affected-product data names Pligg Pligg Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (43)
CVE-2022-34955 — CVSS 9.8 (critical): Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_topusers.ph…
CVE-2022-34956 — CVSS 9.8 (critical): Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_groups.php.
CVE-2023-37677 — CVSS 9.8 (critical): Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component…
CVE-2024-42607 — CVSS 8.8 (high): Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database
CVE-2024-42603 — CVSS 8.8 (high): Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearall
CVE-2024-42604 — CVSS 8.8 (high): Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_group.php?mode=delete&group_id…
CVE-2024-42605 — CVSS 8.8 (high): Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1
CVE-2024-42606 — CVSS 8.8 (high): Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_log.php?clear=1
CVE-2024-42616 — CVSS 8.8 (high): Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=remove&widg…
CVE-2024-42619 — CVSS 8.8 (high): Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?id=0&list=whit…
CVE-2024-42609 — CVSS 8.8 (high): Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=avatars
CVE-2024-42618 — CVSS 8.8 (high): Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma
CVE-2024-42617 — CVSS 8.8 (high): Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=…
CVE-2024-42608 — CVSS 8.8 (high): Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/submit_page.php.
CVE-2024-42613 — CVSS 8.8 (high): Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=install&wid…
CVE-2024-42612 — CVSS 8.8 (high): Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?whitelist_add
CVE-2024-42621 — CVSS 8.8 (high): Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php
CVE-2024-42611 — CVSS 8.8 (high): Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/admin_page.php?link_id=1&mode=delete
CVE-2024-42610 — CVSS 8.8 (high): Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=files
CVE-2008-7090 — CVSS 7.8 (high): Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary…
CVE-2012-2937 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list…
CVE-2008-1774 — CVSS 7.5 (high): SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-3366 — CVSS 7.5 (high): SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id…
CVE-2008-5739 — CVSS 7.5 (high): SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the…
CVE-2008-6968 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the…
CVE-2008-7091 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id…
CVE-2010-2577 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow remote attackers to execute arbitrary SQL commands via the title…
CVE-2010-3013 — CVSS 7.5 (high): SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the role…
CVE-2011-5022 — CVSS 7.5 (high): SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status…
CVE-2007-5579 — CVSS 7.5 (high): login.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with…
CVE-2014-9096 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL…
CVE-2009-4787 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg before 1.0.3 allow remote attackers to hijack the authentication of…
CVE-2015-6655 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators…
CVE-2012-2435 — CVSS 6.5 (medium): Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute…
CVE-2011-3794 — CVSS 5.0 (medium): Pligg CMS 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation…
CVE-2011-5023 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2011-3986 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Pligg before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2012-2436 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML…
CVE-2009-4788 — CVSS 4.3 (medium): Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allow remote attackers to redirect users to arbitrary web sites and…
CVE-2012-2936 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML…
CVE-2009-4786 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via…
CVE-2008-7089 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2008-3572 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in index.php in Pligg 9.9.5 allows remote attackers to inject arbitrary web script or HTML via the…