Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

bludit — Vulnerabilities & Security Advisories 13

Browse all 13 CVE security advisories affecting bludit. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Bludit serves as a lightweight, flat-file CMS for creating and managing websites without requiring a database. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS), privilege escalation flaws, and path traversal issues, contributing to its 13 recorded CVEs. The platform's security has been compromised through improper input validation, insufficient access controls, and insecure default configurations. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in its core functionality suggests a need for rigorous hardening and regular updates for production deployments.

Found 12 results / 13Clear Filters
Top products by bludit: Bludit Backup Plugin
CVE IDTitleCVSSSeverityPublished
CVE-2026-41456 Bludit CMS Reflected XSS via Search Plugin — bluditCWE-79 6.1AIMediumAI2026-04-21
CVE-2026-4420 Stored XSS via Page Creating functionality in Bludit — BluditCWE-79 5.4AIMediumAI2026-04-07
CVE-2026-25099 Remote Code Execution via Unrestricted File Upload in Bludit — BluditCWE-434 8.8 -2026-03-27
CVE-2026-25100 Stored XSS via SVG File Upload in Bludit — BluditCWE-79 5.4 -2026-03-27
CVE-2026-25101 Session Fixation in Bludit — BluditCWE-384 9.1 -2026-03-27
CVE-2026-27741 Bludit <= 3.16.1 CSRF in Plugin and Theme Management Endpoints — BluditCWE-352 4.3 Medium2026-02-23
CVE-2026-27742 Bludit <= 3.16.2 Stored XSS in Post Content — BluditCWE-79 5.4 Medium2026-02-23
CVE-2024-24554 Bludit - Insecure Token Generation — BluditCWE-338 9.1AICriticalAI2024-06-24
CVE-2024-24553 Bludit uses SHA1 as Password Hashing Algorithm — BluditCWE-916 9.1AICriticalAI2024-06-24
CVE-2024-24552 Bludit is Vulnerable to Session Fixation — BluditCWE-384 8.8AIHighAI2024-06-24
CVE-2024-24551 Bludit - Remote Code Execution (RCE) through Image API — BluditCWE-77 8.8AIHighAI2024-06-24
CVE-2024-24550 Bludit - Remote Code Execution (RCE) through File API — BluditCWE-77 9.8AICriticalAI2024-06-24

This page lists every published CVE security advisory associated with bludit. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.