38 matches found
CVE-2025-54761
CVE-2025-54761 affects PPress CMS 0.0.9 and involves a flaw where a crafted session cookie can lead to elevated privileges. The CVE is tracked across multiple feeds (Red Hat, NVD, osv.dev, CNNVD, etc.). The base CVSS v3.1 score is 8.0 (High) with Network attack vector, Low attack complexity, Priv...
CVE-2025-54761
An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie...
CVE-2025-52159
Hardcoded credentials in default configuration of PPress 0.0.9...
CVE-2025-52159
CVE-2025-52159 affects PPress CMS (version 0.0.9; related note mentions 0.0.9-beta). The connected exploit documentation describes a chain leading to remote code execution via server-side template injection (SSTI) and highlights Broken/Incorrect Access Control enabling exploit progression. The ro...
CVE-2025-54815
Server-side template injection SSTI vulnerability in PPress 0.0.9 allows attackers to execute arbitrary code via crafted themes...
CVE-2025-54815
Server-side template injection SSTI vulnerability in PPress 0.0.9 allows attackers to execute arbitrary code via crafted themes...
CVE-2025-54761
An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie...
Exploit for CVE-2025-52159
This vulnerability chains has been assigned the following CVE ID...
Exploit for CVE-2025-52159
This vulnerability chains has been assigned the following CVE ID...
CVE-2025-25973
A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters...
CVE-2025-25973
A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters...
PPress 安全漏洞
PPress is a Python based blogging CMS system developed by yandaozi. A security vulnerability exists in PPress version 0.0.9, which stems from a stored cross-site scripting vulnerability in related recommendations, which allows remote attackers to execute arbitrary code...
CVE-2025-25973
A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters...
CVE-2025-25973
CVE-2025-25973 affects Ppress v0.0.9 where a stored XSS flaw exists in the "related recommendations" feature. The vulnerability arises from crafted input to article.title, article.category, and article.tags, enabling a remote attacker to execute arbitrary code. Affected component is the related r...
PT-2025-7592 · Phpress · Ppress
Name of the Vulnerable Software and Affected Versions: Ppress version 0.0.9 Description: A stored Cross-Site Scripting vulnerability in the "related recommendations" feature allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and...
CVE-2025-25973
A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters...
CVE-2025-25973
A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters...
CVE-2021-24954
The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not sanitise and escape the ppressccdata parameter before outputting it back in an attribute of an admin dashboard page, leading to a Reflected Cross-Site Scripting issue...