cksource CVE Vulnerabilities & Metrics

Focus on cksource vulnerabilities and metrics.

Last updated: 08 Jul 2025, 22:25 UTC

About cksource Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with cksource. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total cksource CVEs: 5
Earliest CVE date: 27 Aug 2019, 12:15 UTC
Latest CVE date: 09 Jan 2025, 19:15 UTC

Latest CVE reference: CVE-2024-13245

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical cksource CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.86

Max CVSS: 5.0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	3
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS cksource CVEs

These are the five CVEs with the highest CVSS scores for cksource, sorted by severity first and recency.

CVE-2019-15891 cksource Published on 26 Sep 2019, 21:15 UTC (CVSS: 5.0)
An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing protection.
CVE-2019-15862 cksource Published on 26 Sep 2019, 21:15 UTC (CVSS: 5.0)
An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP, CKFinder for ASP.NET, CKFinder for ColdFusion, and CKFinder for PHP.
CVE-2015-9349 cksource Published on 27 Aug 2019, 12:15 UTC (CVSS: 4.3)
The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser.
CVE-2024-13245 cksource Published on 09 Jan 2025, 19:15 UTC (CVSS: 0)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting (XSS).This issue affects CKEditor 4 LTS - WYSIWYG HTML editor: from 1.0.0 before 1.0.1.
CVE-2023-4771 cksource Published on 16 Nov 2023, 14:15 UTC (CVSS: 0)
A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information.

All CVEs for cksource

CVE-2024-13245 cksource vulnerability CVSS: 0 09 Jan 2025, 19:15 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting (XSS).This issue affects CKEditor 4 LTS - WYSIWYG HTML editor: from 1.0.0 before 1.0.1.

CVE-2023-4771 cksource vulnerability CVSS: 0 16 Nov 2023, 14:15 UTC

A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information.

CVE-2019-15891 cksource vulnerability CVSS: 5.0 26 Sep 2019, 21:15 UTC

An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing protection.

CVE-2019-15862 cksource vulnerability CVSS: 5.0 26 Sep 2019, 21:15 UTC

An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP, CKFinder for ASP.NET, CKFinder for ColdFusion, and CKFinder for PHP.

CVE-2015-9349 cksource vulnerability CVSS: 4.3 27 Aug 2019, 12:15 UTC

The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser.