Vulnerabilities in TryGhost
14 results

CVE-2026-26980 | CRITICAL | Ghost has a SQL Injection in its Content API | EPSS 70.0%
CVE-2023-40028 | MEDIUM | Arbitrary file read via symlinks in Ghost | EPSS 57.8%
CVE-2023-31133 | HIGH | Ghost vulnerable to disclosure of private API fields | EPSS 45.7%
CVE-2021-29484 | MEDIUM | DOM XSS in Theme Preview | EPSS 7.9%
CVE-2021-32817 | MEDIUM | File disclosure in express-hbs | EPSS 1.3%
CVE-2021-39192 | MEDIUM | Privilege escalation: all users can access Admin-level API keys | EPSS 1.0%
CVE-2026-22595 | HIGH | Ghost has Staff Token permission bypass | EPSS 0.5%
CVE-2026-22596 | MEDIUM | Ghost has SQL Injection in Members Activity Feed | EPSS 0.4%
CVE-2026-29053 | HIGH | Ghost Vulnerable to Remote Code Execution via Malicious Themes | EPSS 0.4%
CVE-2026-22594 | HIGH | Ghost has Staff 2FA bypass | EPSS 0.4%
CVE-2024-43409 | MEDIUM | Ghost's improper authentication allows access to member information and actions | EPSS 0.3%
CVE-2026-22597 | MEDIUM | Ghost has SSRF via External Media Inliner | EPSS 0.3%
CVE-2026-24778 | HIGH | Ghost vulnerable to XSS via malicious Portal preview links | EPSS 0.3%
CVE-2026-29784 | HIGH | Ghost: Incomplete CSRF protections around OTC use | EPSS 0.2%