Vulnerabilities > Flatpress > High

DATE CVE VULNERABILITY TITLE RISK
2023-03-01 CVE-2023-1105 External Control of File Name or Path vulnerability in Flatpress
External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3.
network
low complexity
flatpress CWE-73
8.1
2022-09-29 CVE-2022-40048 Unrestricted Upload of File with Dangerous Type vulnerability in Flatpress 1.2.1
Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function.
network
low complexity
flatpress CWE-434
7.2
2021-07-30 CVE-2020-22761 Cross-Site Request Forgery (CSRF) vulnerability in Flatpress 1.1
Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php.
network
low complexity
flatpress CWE-352
8.8