Pluxml: community verdicts
2 notable / known-exploited Pluxml CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Pluxml CVE, see NVD ↗.
- CVE-2022-25018HIGH 8.8Real · low riskEPSS 3%
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.
- CVE-2022-25020MED 5.4EPSS 1%
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.