Plone Latest High Vulnerabilities

Volto Frontend for Plone CMS Vulnerability in NodeJS Server

CVE-2025-61668

PloneVolto8.7HIGH

NodeJS Server Vulnerability in Volto Frontend for Plone CMS

CVE-2025-58047

PloneVolto7.5HIGH

Plone v6.0.9 vulnerability allows remote attackers to view and list all files

CVE-2024-22889

PlonePlone7.5HIGH

Unauthenticated attackers can execute dangerous actions via HTTP PUT and DELETE methods

CVE-2024-23756

PlonePlone7.5HIGH

Remote Code Execution Vulnerability in Plone Docker Image

CVE-2024-23054

PlonePlone Docker Official ...9.8CRITICAL

plone.rest vulnerable to Denial of Service when ++api++ is used many times

CVE-2023-42457

PlonePlone.rest7.5HIGH

Sensitive Information Exposure in Plone CMS

CVE-2021-33926

PlonePlone8.8HIGH

Remote Code Execution Flaw in Plone CMS Affecting Authentication Managers

CVE-2021-33509

PlonePlone9.9CRITICAL

Server-side Request Forgery in Plone Affects Multiple Themes and Frameworks

CVE-2021-33511

PlonePlone7.5HIGH

XXE Attack Vulnerability in Plone by Plone Foundation

CVE-2020-28736

PlonePlone8.8HIGH

Server-Side Request Forgery Vulnerability in Plone by Plone Foundation

CVE-2020-28735

PlonePlone8.8HIGH

XML External Entity Vulnerability in Plone by Plone Foundation

CVE-2020-28734

PlonePlone8.8HIGH

Docker images of Plone expose root user with default credentials

CVE-2020-35190

PlonePlone9.8CRITICAL

Privilege Escalation Vulnerability in Plone REST API

CVE-2020-7938

PlonePlone8.8HIGH

SQL Injection Vulnerability in Plone by Zope

CVE-2020-7939

PlonePlone8.8HIGH

Weak Password Security in Plone by Plone Foundation

CVE-2020-7940

PlonePlone7.5HIGH

Privilege Escalation in Plone Content Types by Plone

CVE-2020-7941

PlonePlone9.8CRITICAL

Cross-Site Request Forgery in Zope Management Interface and Plone

CVE-2015-7293

PlonePlone8.8HIGH

HTTP Response Header Injection Vulnerability in Plone by Plone Foundation

CVE-2015-7318

PlonePlone7.5HIGH

WebDAV Access Vulnerability in Plone by Plone Foundation

CVE-2016-4041

PlonePlone7.3HIGH

plone Latest High & Critical Vulnerabilities

Vulnerability Published:

Sort By:

2 October 2025

Volto Frontend for Plone CMS Vulnerability in NodeJS Server

28 August 2025

NodeJS Server Vulnerability in Volto Frontend for Plone CMS

6 March 2024

Plone v6.0.9 vulnerability allows remote attackers to view and list all files

8 February 2024

Unauthenticated attackers can execute dangerous actions via HTTP PUT and DELETE methods

5 February 2024

Remote Code Execution Vulnerability in Plone Docker Image

21 September 2023

plone.rest vulnerable to Denial of Service when ++api++ is used many times

17 February 2023

Sensitive Information Exposure in Plone CMS

21 May 2021

Remote Code Execution Flaw in Plone CMS Affecting Authentication Managers

Server-side Request Forgery in Plone Affects Multiple Themes and Frameworks

30 December 2020

XXE Attack Vulnerability in Plone by Plone Foundation

Server-Side Request Forgery Vulnerability in Plone by Plone Foundation

XML External Entity Vulnerability in Plone by Plone Foundation

17 December 2020

Docker images of Plone expose root user with default credentials

23 January 2020

Privilege Escalation Vulnerability in Plone REST API

SQL Injection Vulnerability in Plone by Zope

Weak Password Security in Plone by Plone Foundation

Privilege Escalation in Plone Content Types by Plone

25 September 2017

Cross-Site Request Forgery in Zope Management Interface and Plone

HTTP Response Header Injection Vulnerability in Plone by Plone Foundation

24 February 2017

WebDAV Access Vulnerability in Plone by Plone Foundation