VYPR

PerfreeBlog

by perfree

CVEs (12)

  • CVE-2023-30333 | Critical | May 18, 2023
    risk 0.64 | cvss 9.8 | epss 0.01

    An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file.

  • CVE-2025-29281 | High | Apr 15, 2025
    risk 0.57 | cvss 8.8 | epss 0.01

    In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them.

  • CVE-2023-40825 | High | Aug 28, 2023
    risk 0.47 | cvss 7.2 | epss 0.01

    An issue in Perfree PerfreeBlog v3.1.2 allows a remote attacker to execute arbitrary code via a crafted plugin listed in admin/plugin/access/list.

  • CVE-2023-29643 | Medium | May 1, 2023
    risk 0.35 | cvss 5.4 | epss 0.00

    A cross-site scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function.

  • CVE-2025-29280 | Medium | Apr 15, 2025
    risk 0.31 | cvss 4.8 | epss 0.00

    A stored cross-site scripting vulnerability in PerfreeBlog v4.0.11, in the website name field of the backend system settings interface, allows an attacker to insert and execute arbitrary malicious code.

  • CVE-2025-5164 | Low | May 26, 2025
    risk 0.24 | cvss 3.7 | epss 0.01

    A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of a hard-coded cryptographic key. The attack can be initiated remotely. The complexity…

  • CVE-2025-60319 | Oct 30, 2025
    risk 0.00 | cvss n/a | epss 0.00

    PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint (AttachController.java).

  • CVE-2025-60729 | Oct 24, 2025
    risk 0.00 | cvss n/a | epss 0.00

    PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function.

  • CVE-2025-60735 | Oct 24, 2025
    risk 0.00 | cvss n/a | epss 0.00

    PerfreeBlog v4.0.11 has a file upload vulnerability in the installPlugin function.

  • CVE-2025-60730 | Oct 24, 2025
    risk 0.00 | cvss n/a | epss 0.00

    PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function.

  • CVE-2025-29420 | Aug 25, 2025
    risk 0.00 | cvss n/a | epss 0.01

    PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function.

  • CVE-2025-29421 | Aug 25, 2025
    risk 0.00 | cvss n/a | epss 0.00

    PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function.