Bludit

38 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty, in its original format.
Exploit
  • EPSS 0.02%
  • Published 23.02.2026 22:01:57
  • Last modified 26.02.2026 03:03:26

Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms fo...

Exploit
  • EPSS 0.03%
  • Published 23.02.2026 21:58:56
  • Last modified 26.02.2026 03:04:02

Bludit version 3.16.2 contains a stored cross-site scripting (XSS) vulnerability in the post content functionality. The application performs client-side sanitization of content input but does not enforce equivalent sanitization on the server side. An aut...

Exploit
  • EPSS 0.37%
  • Published 17.12.2025 22:44:45
  • Last modified 31.12.2025 18:31:31

Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path paramet...

  • EPSS 0.12%
  • Published 24.06.2024 08:15:09
  • Last modified 02.01.2026 20:20:41

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.

  • EPSS 0.06%
  • Published 24.06.2024 07:15:15
  • Last modified 02.01.2026 20:35:07

Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt that is computed by Bludit is generated with a ...

  • EPSS 0.02%
  • Published 24.06.2024 07:15:14
  • Last modified 02.01.2026 20:33:01

A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their choosing.

Exploit
  • EPSS 0.22%
  • Published 24.06.2024 07:15:14
  • Last modified 02.01.2026 20:31:00

A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execut...

Exploit
  • EPSS 0.14%
  • Published 24.06.2024 07:15:13
  • Last modified 02.01.2026 20:19:43

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper h...

Exploit
  • EPSS 0.08%
  • Published 17.02.2024 06:15:53
  • Last modified 21.11.2024 09:00:35

Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15 allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php.

Exploit
  • EPSS 0.09%
  • Published 01.09.2023 10:15:08
  • Last modified 21.11.2024 07:48:17

Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL.