Known Vulnerabilities for products from Fork-cms
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Fork-cms".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-32710 json | Not Provided | 2026-03-20 | 2026-03-27 | |
| CVE-2026-31398 json | Not Provided | 2026-04-03 | 2026-04-03 | |
| CVE-2026-28798 json | Not Provided | 2026-04-03 | 2026-04-06 | |
| CVE-2026-27456 json | Not Provided | 2026-04-03 | 2026-04-06 | |
| CVE-2026-23225 json | Not Provided | 2026-02-18 | 2026-04-02 | |
| CVE-2026-23100 json | Not Provided | 2026-02-04 | 2026-04-18 | |
| CVE-2026-1999 json | Not Provided | 2026-02-18 | 2026-04-08 | |
| CVE-2025-21709 json | Not Provided | 2025-02-27 | 2026-04-22 | |
| CVE-2025-9957 json | Not Provided | 2026-04-22 | 2026-04-22 | |
| CVE-2025-3032 json | Not Provided | 2025-04-01 | 2026-04-13 | |
| CVE-2022-35590 json | A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_dat... | 4.8 - MEDIUM | 2022-08-12 | 2022-08-15 |
| CVE-2022-35589 json | A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on... | 4.8 - MEDIUM | 2022-08-12 | 2022-08-15 |
| CVE-2022-35587 json | A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on... | 4.8 - MEDIUM | 2022-08-12 | 2022-08-15 |
| CVE-2022-35585 json | A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "... | 4.8 - MEDIUM | 2022-08-12 | 2022-08-15 |
| CVE-2022-1064 json | SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1. | 8.8 - HIGH | 2022-03-25 | 2022-03-31 |
| CVE-2022-0153 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-03-24 | 2022-03-29 |
| CVE-2022-0145 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-03-24 | 2022-03-29 |
| CVE-2021-28931 json | Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes di... | 8.8 - HIGH | 2021-07-07 | 2021-07-12 |
| CVE-2020-24036 json | PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user t... | 8.8 - HIGH | 2021-03-04 | 2021-07-21 |
| CVE-2020-23960 json | Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers ... | 8.8 - HIGH | 2021-01-11 | 2021-07-12 |