pluxml/PluXml

pluxml/PluXml

Releases41

Frequency3 months 4 weeks

Last Release 2 months ago

Stars231

A CMS to create lightweight websites with ease and without database.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-67436 ↗	Dec 22, 2025Monday, 22 December 2025, 22:16	6.5 MEDIUM	—
Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).
CVE-2024-48138 ↗	Oct 29, 2024Tuesday, 29 October 2024, 22:15	9.8 CRITICAL	—
A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametres_edittpl.php of PluXml v5.8.16 and lower allows attackers to execute arbitrary code via injecting a crafted payload into a template.
CVE-2022-25018 ↗	Mar 1, 2022Tuesday, 1 March 2022, 02:15	8.8 HIGH	6.5 MEDIUM
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.
CVE-2020-18184 ↗	Oct 2, 2020Friday, 2 October 2020, 13:15	7.2 HIGH	6.5 MEDIUM
In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametres_edittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.
CVE-2020-18185 ↗	Oct 2, 2020Friday, 2 October 2020, 13:15	9.8 CRITICAL	7.5 HIGH
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment.
CVE-2017-1001001 ↗	Nov 1, 2017Wednesday, 1 November 2017, 17:29	—	3.5 LOW
PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges.