Processwire: community verdicts
3 notable / known-exploited Processwire CVEs the community has triaged.
- CVE-2022-40487MED 6.1EPSS 0%
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload.
- CVE-2022-40488MED 6.5EPSS 0%
ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).
- CVE-2024-41597MED 4.2DisputedEPSS 0%
Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to insert a comment. NOTE: this is disputed by the Supplier because the product intentionally accepts anonymous, unauthenticated comments and thus there are fewer situations in which CSRF would be a useful attack technique. Also, the submitted comments are, by default, held for moderator review.