Websitebaker

websitebaker

16 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (16)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-47788 1Websitebaker 1Websitebaker Jan 30, 2026 Jan 16, 2026 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by...Show more WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language installation parameters to achieve remote code execution on the server.Show less
CVE-2023-53953 1Websitebaker 1Websitebaker Dec 27, 2025 Dec 19, 2025 5.1 MEDIUM· v4 5.4 MEDIUM· v3 N/A· v2 WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating web pages. Attackers can craft malicious payloads in page titles that exe...Show more WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating web pages. Attackers can craft malicious payloads in page titles that execute arbitrary JavaScript when the page is viewed by other users.Show less
CVE-2023-53903 1Websitebaker 1Websitebaker Dec 24, 2025 Dec 16, 2025 5.1 MEDIUM· v4 5.4 MEDIUM· v3 N/A· v2 WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags tha...Show more WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting attacks.Show less
CVE-2023-53902 1Websitebaker 1Websitebaker Dec 24, 2025 Dec 16, 2025 7.0 HIGH· v4 6.5 MEDIUM· v3 N/A· v2 WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary files by manipulating directory path parameters. Attackers can send crafted GET requests to /admin/...Show more WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary files by manipulating directory path parameters. Attackers can send crafted GET requests to /admin/media/delete.php with directory traversal sequences to delete files outside the intended directory.Show less
CVE-2020-25990 1Websitebaker 1Websitebaker Nov 21, 2024 Oct 1, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or ex...Show more WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.Show less
CVE-2011-4322 1Websitebaker 1Websitebaker Nov 21, 2024 Jan 21, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 websitebaker prior to and including 2.8.1 has an authentication error in backup module.
CVE-2011-2934 1Websitebaker 1Websitebaker Nov 21, 2024 Jan 14, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions.
CVE-2011-2933 1Websitebaker 1Websitebaker Nov 21, 2024 Jan 14, 2020 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions.
CVE-2017-16514 1Websitebaker 1Websitebaker Nov 21, 2024 Jan 10, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert...Show more Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in the application.Show less
CVE-2017-9771 1Websitebaker 1Websitebaker May 13, 2026 Jun 21, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter.
CVE-2017-9361 1Websitebaker 1Websitebaker May 13, 2026 Jun 2, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.
CVE-2017-9360 1Websitebaker 1Websitebaker May 13, 2026 Jun 2, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.
CVE-2017-7410 1Websitebaker 1Websitebaker May 13, 2026 Apr 3, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name para...Show more Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.Show less
CVE-2015-0553 1Websitebaker 1Websitebaker May 6, 2026 Jan 21, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 SP3 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter.
CVE-2014-9243 1Websitebaker 1Websitebaker May 6, 2026 Dec 3, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2) section_id parameter...Show more Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2) section_id parameter to edit_module_files.php, (3) news/add_post.php, (4) news/modify_group.php, (5) news/modify_post.php, or (6) news/modify_settings.php in wb/modules/.Show less
CVE-2014-9242 1Websitebaker 1Websitebaker May 6, 2026 Dec 3, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.