Wbce vendor CVEs

34 total · sorted by risk
  • CVE-2017-2119 · High · Apr 28, 2017
    risk 0.56 · cvss 8.6 · epss 0.04

    Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2017-2120 · High · Apr 28, 2017
    risk 0.47 · cvss 7.2 · epss 0.01

    SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2017-2118 · Medium · Apr 28, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2018-6313 · Medium · Jan 25, 2018
    risk 0.31 · cvss 4.8 · epss 0.01

    Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118.

  • CVE-2017-1000213 · Medium · Nov 17, 2017
    risk 0.31 · cvss 4.8 · epss 0.01

    WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search

  • CVE-2023-39796 · Nov 10, 2023
    risk 0.06 · cvss n/a · epss 0.06

    SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter.

  • CVE-2021-3817 · Dec 9, 2021
    risk 0.06 · cvss n/a · epss 0.38

    wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

  • CVE-2022-30073 · May 17, 2022
    risk 0.01 · cvss n/a · epss 0.02

    WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php.

  • CVE-2022-50936 · Jan 13, 2026
    risk 0.00 · cvss n/a · epss 0.01

    WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute…

  • CVE-2023-53910 · Dec 17, 2025
    risk 0.00 · cvss n/a · epss 0.00

    WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with…

  • CVE-2023-53909 · Dec 17, 2025
    risk 0.00 · cvss n/a · epss 0.00

    WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the…

  • CVE-2023-53901 · Dec 16, 2025
    risk 0.00 · cvss n/a · epss 0.00

    WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image…

  • CVE-2025-34506 · Dec 11, 2025
    risk 0.00 · cvss n/a · epss 0.01

    WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the…

  • CVE-2024-58283 · Dec 10, 2025
    risk 0.00 · cvss n/a · epss 0.01

    WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and…

  • CVE-2025-65950 · Dec 10, 2025
    risk 0.00 · cvss n/a · epss 0.00

    WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify users to execute arbitrary SQL queries. This can be escalated to a full database compromise, data exfiltration,…

  • CVE-2025-67504 · Dec 9, 2025
    risk 0.00 · cvss n/a · epss 0.00

    WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account…

  • CVE-2025-66204 · Dec 8, 2025
    risk 0.00 · cvss n/a · epss 0.00

    WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifying `X-Forwarded-For` on each request, gaining unlimited password guessing attempts, effectively bypassing all…

  • CVE-2025-65094 · Nov 19, 2025
    risk 0.00 · cvss n/a · epss 0.00

    WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups[] parameter in the /admin/users/save.php request. The UI restricts users to assigning only…

  • CVE-2023-43871 · Sep 28, 2023
    risk 0.00 · cvss n/a · epss 0.00

    A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).

  • CVE-2023-38947 · Aug 3, 2023
    risk 0.00 · cvss n/a · epss 0.00

    An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2023-29855 · Apr 18, 2023
    risk 0.00 · cvss n/a · epss 0.01

    WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php.

  • CVE-2022-45037 · Nov 25, 2022
    risk 0.00 · cvss n/a · epss 0.01

    A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.

  • CVE-2022-45036 · Nov 25, 2022
    risk 0.00 · cvss n/a · epss 0.00

    A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.

  • CVE-2022-45038 · Nov 25, 2022
    risk 0.00 · cvss n/a · epss 0.01

    A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.

  • CVE-2022-45040 · Nov 25, 2022
    risk 0.00 · cvss n/a · epss 0.00

    A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field.

  • CVE-2022-45013 · Nov 21, 2022
    risk 0.00 · cvss n/a · epss 0.00

    A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field.

  • CVE-2022-45016 · Nov 21, 2022
    risk 0.00 · cvss n/a · epss 0.00

    A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field.

  • CVE-2022-45012 · Nov 21, 2022
    risk 0.00 · cvss n/a · epss 0.00

    A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field.

  • CVE-2022-45014 · Nov 21, 2022
    risk 0.00 · cvss n/a · epss 0.00

    A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field.

  • CVE-2022-45015 · Nov 21, 2022
    risk 0.00 · cvss n/a · epss 0.00

    A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field.

  • CVE-2022-4006 · Nov 15, 2022
    risk 0.00 · cvss n/a · epss 0.01

    A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increase_attempts of the file wbce/framework/class.login.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to…

  • CVE-2022-30072 · May 17, 2022
    risk 0.00 · cvss n/a · epss 0.01

    WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters.

  • CVE-2022-28477 · Apr 28, 2022
    risk 0.00 · cvss n/a · epss 0.01

    WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS).

  • CVE-2022-25101 · Feb 23, 2022
    risk 0.00 · cvss n/a · epss 0.01

    A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.