CVE-2023-39796 — CVSS 9.8 (critical): SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via…
CVE-2025-67504 — CVSS 9.1 (critical): WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's…
CVE-2025-65950 — CVSS 8.8 (high): WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user…
CVE-2025-65094 — CVSS 8.8 (high): WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the…
CVE-2025-34506 — CVSS 8.8 (high): WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload…
CVE-2022-50936 — CVSS 8.8 (high): WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets…
CVE-2024-58283 — CVSS 8.8 (high): WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files…
CVE-2017-2119 — CVSS 8.6 (high): Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2025-66204 — CVSS 8.1 (high): WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset…
CVE-2022-25099 — CVSS 7.8 (high): A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-25101 — CVSS 7.8 (high): A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP…
CVE-2022-45039 — CVSS 7.2 (high): An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a…
CVE-2019-17575 — CVSS 7.2 (high): A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user…
CVE-2023-38947 — CVSS 7.2 (high): An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary…
CVE-2017-2120 — CVSS 7.2 (high): SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands…
CVE-2017-2118 — CVSS 6.1 (medium): Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via…
CVE-2022-45037 — CVSS 5.4 (medium): A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts…
CVE-2022-30072 — CVSS 5.4 (medium): WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters.
CVE-2022-45036 — CVSS 5.4 (medium): A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web…
CVE-2022-45038 — CVSS 5.4 (medium): A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts…
CVE-2022-45040 — CVSS 5.4 (medium): A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web…
CVE-2023-43871 — CVSS 5.4 (medium): A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
CVE-2023-46054 — CVSS 5.4 (medium): Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted…
CVE-2023-53901 — CVSS 5.4 (medium): WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user…
CVE-2023-53909 — CVSS 5.4 (medium): WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by…
CVE-2023-53910 — CVSS 5.4 (medium): WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by…
CVE-2022-45013 — CVSS 4.8 (medium): A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web…
CVE-2022-45012 — CVSS 4.8 (medium): A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts…
CVE-2018-6313 — CVSS 4.8 (medium): Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the…
CVE-2022-45015 — CVSS 4.8 (medium): A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web…
CVE-2017-1000213 — CVSS 4.8 (medium): WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search
CVE-2022-45017 — CVSS 4.8 (medium): A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary…
CVE-2022-45016 — CVSS 4.8 (medium): A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web…
CVE-2022-45014 — CVSS 4.8 (medium): A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web…
CVE-2022-4006 — CVSS 3.7 (low): A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increase_attempts…