Pluxml Vulnerabilities
Comprehensive security vulnerability database for Pluxml products
3
0
2
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-24352 | 4.8 | This vulnerability allows an attacker to take control of a victim's session by setting a fixed session ID before the victim logs in, which can lead to session hijacking. The attacker needs to know or guess the session ID, and it has been confirmed in specific versions of the PluXml CMS, but other versions may also be at risk. | pluxmlpluxml | Exploit Available | about 1 month agoFeb 27, 2026 |
| CVE-2026-24351 | 5.1 | An attacker with editing privileges on a PluXml CMS website can inject malicious HTML and JavaScript into static pages, which will run whenever someone visits those pages. This means they could steal user data or perform actions on behalf of visitors without their consent. | pluxmlpluxml | Theoretical | about 1 month agoFeb 27, 2026 |
| CVE-2026-24350 | 5.1 | This vulnerability allows an attacker to upload a malicious SVG file to a PluXml CMS site, which can then execute harmful code when a victim directly accesses the file. The attacker needs to be authenticated to upload the file, and while the link to the image may not trigger the attack, accessing the file directly will still run the malicious code. | pluxmlpluxml | Exploit Available | about 1 month agoFeb 27, 2026 |
About Pluxml Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Pluxml products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.