VYPR
Vendor

Amasty

Products
4
CVEs
5
Across products
5
Status
Private

Products

4

Recent CVEs

5
  • CVE-2026-53787CriJun 12, 2026
    risk 0.64cvss 9.8epss 0.05

    Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint…

  • CVE-2022-36433MedNov 29, 2022
    risk 0.40cvss 6.1epss 0.01

    The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save.

  • CVE-2022-35501MedNov 23, 2022
    risk 0.35cvss 5.4epss 0.00

    Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function.

  • CVE-2022-35500MedNov 23, 2022
    risk 0.35cvss 5.4epss 0.00

    Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality.

  • CVE-2022-36432MedNov 17, 2022
    risk 0.35cvss 5.4epss 0.01

    The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response.