Vulnerabilities in Bludit
15 results

CVE-2026-25099 | HIGH | Remote Code Execution via Unrestricted File Upload in Bludit | EPSS 1.9%
CVE-2024-24551 | HIGH | Bludit - Remote Code Execution (RCE) through Image API | EPSS 0.8%
CVE-2024-24550 | HIGH | Bludit - Remote Code Execution (RCE) through File API | EPSS 0.7%
CVE-2023-53907 | HIGH | Bludit 3.13.1 Authenticated Arbitrary File Download via Backup Plugin | EPSS 0.7%
CVE-2024-24552 | MEDIUM | Bludit is Vulnerable to Session Fixation | EPSS 0.4%
CVE-2026-41456 | MEDIUM | Bludit CMS Reflected XSS via Search Plugin | EPSS 0.4%
CVE-2026-25101 | MEDIUM | Session Fixation in Bludit | EPSS 0.4%
CVE-2026-46656 | HIGH | Bludit CMS has improper authorization and mediation failure leading to persistent ghost sessions | EPSS 0.3%
CVE-2026-46657 | HIGH | Bludit's persistent authentication tokens not revoked upon account disablement | EPSS 0.3%
CVE-2024-24554 | MEDIUM | Bludit - Insecure Token Generation | EPSS 0.2%
CVE-2024-24553 | MEDIUM | Bludit uses SHA1 as Password Hashing Algorithm | EPSS 0.2%
CVE-2026-25100 | MEDIUM | Stored XSS via SVG File Upload in Bludit | EPSS 0.2%
CVE-2026-4420 | MEDIUM | Stored XSS via Page Creating functionality in Bludit | EPSS 0.2%
CVE-2026-27741 | MEDIUM | Bludit <= 3.16.1 CSRF in Plugin and Theme Management Endpoints | EPSS 0.1%
CVE-2026-27742 | MEDIUM | Bludit <= 3.16.2 Stored XSS in Post Content | EPSS 0.1%