Shodan
Vulnerabilities
Vulnerable Software
Pluxml:  >> Pluxml  Security Vulnerabilities
CVE-2025-67436
Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).
CVSS Score
6.5
EPSS Score
0.001
Published
2025-12-22
CVE-2024-22636
PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field.
CVSS Score
8.8
EPSS Score
0.048
Published
2024-01-25
CVE-2022-25018
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.
CVSS Score
8.8
EPSS Score
0.066
Published
2022-03-01
CVE-2022-25020
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.
CVSS Score
5.4
EPSS Score
0.01
Published
2022-03-01
CVE-2022-24585
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-02-15
CVE-2022-24587
A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-02-15
CVE-2022-24586
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-02-15
CVE-2021-38602
PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.
CVSS Score
4.8
EPSS Score
0.005
Published
2021-08-12
CVE-2021-38603
PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.
CVSS Score
4.8
EPSS Score
0.008
Published
2021-08-12
CVE-2020-18185
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-10-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved