VYPR
Vendor

Typecho

Products
1
CVEs
18
Across products
18
Status
Private

Products

1

Recent CVEs

18
  • CVE-2023-24114CriFeb 22, 2023
    risk 0.64cvss 9.8epss 0.01

    typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via install.php.

  • CVE-2018-18753CriOct 29, 2018
    risk 0.64cvss 9.8epss 0.03

    Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF.

  • CVE-2024-35540CriAug 20, 2024
    risk 0.62cvss 9.0epss 0.03

    A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2023-36299HigAug 3, 2023
    risk 0.57cvss 8.8epss 0.01

    A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-general parameters in index.php.

  • CVE-2023-49967HigDec 7, 2023
    risk 0.49cvss 7.5epss 0.01

    Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc.

  • CVE-2024-35539MedAug 19, 2024
    risk 0.45cvss 6.5epss 0.01

    Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. This vulnerability allows attackers to post several comments before the spam protection checks if the comments are posted too frequently.

  • CVE-2024-57369MedJan 17, 2025
    risk 0.42cvss 6.4epss 0.00

    Clickjacking vulnerability in typecho v1.2.1.

  • CVE-2020-21038MedMay 8, 2023
    risk 0.40cvss 6.1epss 0.00

    Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php.

  • CVE-2024-46494MedApr 7, 2025
    risk 0.35cvss 5.4epss 0.00

    A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into Name parameter under a comment for an Article.

  • CVE-2023-30184MedMay 4, 2023
    risk 0.35cvss 5.4epss 0.00

    A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment.

  • CVE-2017-16230MedOct 30, 2017
    risk 0.35cvss 5.4epss 0.01

    In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add payload in the article content, resulting in XSS via index.php/action/contents-post-edit.

  • CVE-2024-35538MedAug 19, 2024
    risk 0.34cvss 5.3epss 0.01

    Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.

  • CVE-2023-27711MedMar 16, 2023
    risk 0.31cvss 4.8epss 0.01

    Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Comment Manager /admin/manage-comments.php component.

  • CVE-2023-27131MedMar 16, 2023
    risk 0.31cvss 4.8epss 0.01

    Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code viathe Post Editorparameter.

  • CVE-2023-6615LowDec 8, 2023
    risk 0.23cvss 3.5epss 0.01

    A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Affected by this issue is some unknown functionality of the file /admin/manage-users.php. The manipulation of the argument page leads to information disclosure. The exploit has been disclosed…

  • CVE-2023-6614LowDec 8, 2023
    risk 0.18cvss 2.7epss 0.01

    A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality of the file /admin/manage-pages.php of the component Page Handler. The manipulation leads to backdoor. The attack can be launched remotely. The…

  • CVE-2023-6613LowDec 8, 2023
    risk 0.16cvss 2.4epss 0.01

    A vulnerability classified as problematic has been found in Typecho 1.2.1. Affected is an unknown function of the file /admin/options-theme.php of the component Logo Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The…

  • CVE-2023-27130MedMar 16, 2023
    risk 0.00cvss 4.8epss 0.01

    Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via an arbitrarily supplied URL parameter.