CVE-2019-8908 — CVSS 9.8 (critical): An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox…
CVE-2018-10267 — CVSS 8.8 (high): WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI.
CVE-2019-8910 — CVSS 8.8 (high): An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.
CVE-2019-8909 — CVSS 7.5 (high): An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consumption) via crafted dimensions…
CVE-2025-13786 — CVSS 7.3 (high): A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file…
CVE-2025-13782 — CVSS 7.3 (high): A vulnerability was identified in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Affected by this issue is the function…
CVE-2020-20343 — CVSS 6.5 (medium): WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows…
CVE-2025-13783 — CVSS 6.3 (medium): A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. This affects the function…
CVE-2019-8911 — CVSS 6.1 (medium): An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code).
CVE-2020-20347 — CVSS 5.4 (medium): WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the source field under the article management module.
CVE-2020-20344 — CVSS 5.4 (medium): WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the keyword search function under the background articles…
CVE-2020-20345 — CVSS 5.4 (medium): WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain…
CVE-2020-20349 — CVSS 5.4 (medium): WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link address field under the background links module.
CVE-2020-20348 — CVSS 5.4 (medium): WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module.
CVE-2024-48239 — CVSS 4.8 (medium): An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting…
CVE-2024-48238 — CVSS 4.7 (medium): WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.class.php via the parentid parameter.