Processwire

processwire

6 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-60790 1Processwire 1Processwire Nov 7, 2025 Oct 21, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service.
CVE-2024-41597 1Processwire 1Processwire Jul 9, 2025 Jul 19, 2024 N/A· v4 4.2 MEDIUM· v3 N/A· v2 Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality.
CVE-2023-24676 1Processwire 1Processwire Oct 17, 2025 Jan 24, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. NOTE: this is disputed because exploitation re...Show more An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a ProcessWire admin is intentionally allowed to install any module that contains any arbitrary code.Show less
CVE-2022-40488 1Processwire 1Processwire May 6, 2025 Oct 31, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).
CVE-2022-40487 1Processwire 1Processwire May 6, 2025 Oct 31, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or...Show more ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload.Show less
CVE-2020-27467 1Processwire 1Processwire Nov 21, 2024 Feb 24, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php.