Ritecms: >> Ritecms >> 3.1.0 Security Vulnerabilities
A reflected cross-site scripting (XSS) vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-12-17
Incorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via directory traversal.
CVSS Score
7.5
EPSS Score
0.004
Published
2025-12-17
A Cross-Site Request Forgery (CSRF) in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrarily create pages via a crafted POST request.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-12-17
A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin_language_file and default_page_language_file in the admin.php component
CVSS Score
7.5
EPSS Score
0.001
Published
2025-12-17
RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-12-17
RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parse_special_tags() function.
CVSS Score
7.2
EPSS Score
0.004
Published
2025-12-17