Exposure of SPIP
CMS
Exposure score: 37
Sites use: 2,307
Exploited: 0
Critical CVEs: 4
19 results

| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2024-8517 | CRITICAL | SPIP Bigup Multipart File Upload OS Command Injection | 94.6% |
| CVE-2024-7954 | CRITICAL | SPIP porte_plume Plugin Arbitrary PHP Execution | 89.8% |
| CVE-2026-27475 | CRITICAL | SPIP < 4.4.9 Insecure Deserialization | 0.8% |
| CVE-2026-22206 | HIGH | SPIP < 4.4.10 SQL Injection RCE via Union & PHP Tags | 0.6% |
| CVE-2026-8429 | HIGH | SPIP < 4.4.14 Remote Code Execution via Private Space | 0.5% |
| CVE-2026-22205 | HIGH | SPIP < 4.4.10 Authentication Bypass via PHP Type Juggling | 0.5% |
| CVE-2026-8430 | CRITICAL | SPIP < 4.4.14 Remote Code Execution via nginx | 0.4% |
| CVE-2023-53900 | MEDIUM | Spip 4.1.10 Admin Account Spoofing via Malicious SVG Upload | 0.3% |
| CVE-2026-27474 | MEDIUM | SPIP < 4.4.9 Cross-Site Scripting in Private Area (Incomplete Fix) | 0.3% |
| CVE-2026-27472 | MEDIUM | SPIP < 4.4.9 Blind Server-Side Request Forgery via Syndicated Sites | 0.3% |
| CVE-2026-27473 | MEDIUM | SPIP < 4.4.9 Stored Cross-Site Scripting via Syndicated Sites | 0.3% |
| CVE-2025-71242 | MEDIUM | SPIP < 4.3.6 Authorization Bypass Leading to Content Disclosure | 0.2% |
| CVE-2026-33549 | MEDIUM | SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment (of administrator privileges) during the editing of an autho | 0.2% |
| CVE-2025-71241 | MEDIUM | SPIP < 4.3.6 Cross-Site Scripting in Private Area | 0.2% |
| CVE-2025-71244 | MEDIUM | SPIP < 4.4.5 Open Redirect via Login Form | 0.2% |
| CVE-2026-26223 | MEDIUM | SPIP < 4.4.8 Cross-Site Scripting via Iframe Tags in Private Area | 0.2% |
| CVE-2026-26345 | HIGH | SPIP < 4.4.8 Cross-Site Scripting in Public Area | 0.2% |
| CVE-2026-48832 | LOW | action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability. | 0.2% |
| CVE-2025-71240 | MEDIUM | SPIP < 4.2.15 Cross-Site Scripting via Code Tags | 0.2% |