chyrp CVE Vulnerabilities & Metrics

Focus on chyrp vulnerabilities and metrics.

Last updated: 16 Jan 2026, 23:25 UTC

About chyrp Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with chyrp. We track both calendar-based metrics (using fixed periods) and rolling metrics (using sliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total chyrp CVEs: 2
Earliest CVE date: 19 Jul 2011, 20:55 UTC
Latest CVE date: 10 Dec 2025, 22:16 UTC

Latest CVE reference: CVE-2024-58285

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical chyrp CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.34

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range       Count
0.0-3.9     2
4.0-6.9     5
7.0-8.9     0
9.0-10.0    0

CVSS Distribution Chart

Top 5 Highest CVSS chyrp CVEs

These are the five CVEs with the highest CVSS scores for chyrp, sorted by severity first, then by recency.

All CVEs for chyrp

CVE-2024-58285 | chyrp vulnerability | CVSS: 0 | 10 Dec 2025, 22:16 UTC

Chyrp 2.5.2 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into post titles. Attackers can craft payloads in the title field that will execute when the post is viewed by other users, potentially stealing session cookies or performing client-side attacks.

CVE-2012-1001 | chyrp vulnerability | CVSS: 4.3 | 21 Nov 2019, 22:15 UTC

Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php.

CVE-2014-7264 | chyrp vulnerability | CVSS: 3.5 | 11 Dec 2014, 23:59 UTC

Multiple cross-site scripting (XSS) vulnerabilities in admin/themes/default/pages/manage_users.twig in the Users Management feature in the admin component in Chyrp before 2.5.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user.email or (2) user.website field in a user registration.

CVE-2011-2745 | chyrp vulnerability | CVSS: 6.5 | 27 Jul 2011, 02:55 UTC

upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, via a write_post action to the default URI under admin/.

CVE-2011-2780 | chyrp vulnerability | CVSS: 5.0 | 19 Jul 2011, 21:55 UTC

Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744.

CVE-2011-2743 | chyrp vulnerability | CVSS: 4.3 | 19 Jul 2011, 21:55 UTC

Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the action parameter to (1) the default URI or (2) includes/javascript.php, or the (3) title or (4) body parameter to admin/help.php.

CVE-2011-2744 | chyrp vulnerability | CVSS: 6.8 | 19 Jul 2011, 20:55 UTC

Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.