Known Vulnerabilities for products from Bludit
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Bludit".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-25101 | Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after au... | Not Provided | 2026-03-27 | 2026-04-02 |
| CVE-2026-25100 | Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its image upload functionality. An authenticated attacker with c... | Not Provided | 2026-03-27 | 2026-04-01 |
| CVE-2026-25099 | Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension witho... | Not Provided | 2026-03-27 | 2026-04-01 |
| CVE-2021-35323 | Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login. | 6.1 - MEDIUM | 2021-10-19 | 2021-11-30 |
| CVE-2021-25808 | A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted... | 7.8 - HIGH | 2021-07-23 | 2021-08-02 |
| CVE-2020-23765 | A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an att... | 7.2 - HIGH | 2021-05-21 | 2021-05-27 |
| CVE-2020-20495 | bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup` parameter. | 9.1 - CRITICAL | 2021-09-01 | 2021-09-08 |
| CVE-2020-20210 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-06-26 | 2023-07-05 |
| CVE-2020-19228 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2022-05-11 | 2022-05-18 |
| CVE-2020-18879 | Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via ... | 9.8 - CRITICAL | 2021-08-20 | 2021-08-24 |
| CVE-2020-18190 | Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-... | 9.1 - CRITICAL | 2020-10-02 | 2020-10-09 |
| CVE-2020-15026 | Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file downloa... | 4.9 - MEDIUM | 2020-06-24 | 2020-06-30 |
| CVE-2020-15006 | Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php. | 5.4 - MEDIUM | 2020-06-24 | 2020-07-02 |
| CVE-2020-13889 | showAlert() in the administration panel in Bludit 3.12.0 allows XSS. | 5.4 - MEDIUM | 2020-06-06 | 2020-06-09 |
| CVE-2020-8812 | ** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the ve... | 5.4 - MEDIUM | 2020-02-07 | 2023-11-07 |
| CVE-2020-8811 | ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures. | 4.3 - MEDIUM | 2020-02-07 | 2020-02-10 |
| CVE-2019-17240 | bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many diff... | 9.8 - CRITICAL | 2019-10-06 | 2020-10-21 |
| CVE-2019-16334 | In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may... | 4.8 - MEDIUM | 2019-09-15 | 2019-09-16 |
| CVE-2019-16113 | Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg fi... | 8.8 - HIGH | 2019-09-08 | 2022-04-26 |
| CVE-2019-12742 | Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs becaus... | 8.8 - HIGH | 2019-06-05 | 2020-08-24 |
Known software with vulnerabilities from Bludit
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Bludit | Bludit | 0.1 |