Grav CMS 1.7.48 - Remote Code Execution (RCE)

Exploit Title: Grav CMS 1.7.48 - Remote Code Execution RCE Date: 2025-08-07 Exploit Author: binneko https://github.com/binneko Vendor Homepage: https://getgrav.org/ Software Link: https://github.com/getgrav/grav/releases/tag/1.7.48 Version: Grav CMS v1.7.48 / Admin Plugin v1.10.48 Tested on: Debi...

CVE-2025-46198

Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element...

CVE-2025-46199

Cross Site Scripting vulnerability in grav v.1.7.48 and before allows an attacker to execute arbitrary code via a crafted script to the form fields...

CVE-2025-46198

Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element...

WordPress AddToAny Share Buttons Plugin < 1.7.48 XSS Vulnerability

The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

WordPress AddToAny Share Buttons plugin <= 1.7.47 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by TYM in WordPress AddToAny Share Buttons plugin versions = 1.7.47. Solution Update the WordPress AddToAny Share Buttons plugin to the latest available version at least 1.7.48...