kliqqi CVE Vulnerabilities & Metrics

Focus on kliqqi vulnerabilities and metrics.

Last updated: 29 Jun 2025, 22:25 UTC

About kliqqi Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with kliqqi. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total kliqqi CVEs: 8
Earliest CVE date: 22 Apr 2018, 15:29 UTC
Latest CVE date: 25 Oct 2024, 18:15 UTC

Latest CVE reference: CVE-2024-48700

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical kliqqi CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.01

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	4
4.0-6.9	2
7.0-8.9	2
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS kliqqi CVEs

These are the five CVEs with the highest CVSS scores for kliqqi, sorted by severity first and recency.

CVE-2020-21121 kliqqi Published on 15 Sep 2021, 17:15 UTC (CVSS: 7.5)
Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file.
CVE-2017-17902 kliqqi Published on 22 Apr 2018, 15:29 UTC (CVSS: 7.5)
SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a new story at the pligg/story.php?title= URI.
CVE-2016-10756 kliqqi Published on 24 May 2019, 18:29 UTC (CVSS: 6.8)
Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/upload_main.php can be used for the upload itself.
CVE-2018-11405 kliqqi Published on 24 May 2018, 07:29 UTC (CVSS: 6.8)
Kliqqi 2.0.2 has CSRF in admin/admin_users.php.
CVE-2017-17889 kliqqi Published on 22 Apr 2018, 15:29 UTC (CVSS: 3.5)
Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, a crafted Homepage string in a profile, or a crafted string in Tags or Description within pligg/submit.php.

All CVEs for kliqqi

CVE-2024-48700 kliqqi vulnerability CVSS: 0 25 Oct 2024, 18:15 UTC

Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the edit_page.php component.

CVE-2024-31673 kliqqi vulnerability CVSS: 0 03 May 2024, 18:15 UTC

Kliqqi-CMS 2.0.2 is vulnerable to SQL Injection in load_data.php via the userid parameter.

CVE-2020-21119 kliqqi vulnerability CVSS: 0 15 Feb 2023, 22:15 UTC

SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_module_widgets.php in recordIDValue parameter, allows attackers to gain escalated privileges and execute arbitrary code.

CVE-2020-21121 kliqqi vulnerability CVSS: 7.5 15 Sep 2021, 17:15 UTC

Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file.

CVE-2016-10756 kliqqi vulnerability CVSS: 6.8 24 May 2019, 18:29 UTC

Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/upload_main.php can be used for the upload itself.

CVE-2018-11405 kliqqi vulnerability CVSS: 6.8 24 May 2018, 07:29 UTC

Kliqqi 2.0.2 has CSRF in admin/admin_users.php.

CVE-2017-17902 kliqqi vulnerability CVSS: 7.5 22 Apr 2018, 15:29 UTC

SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a new story at the pligg/story.php?title= URI.

CVE-2017-17889 kliqqi vulnerability CVSS: 3.5 22 Apr 2018, 15:29 UTC

Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, a crafted Homepage string in a profile, or a crafted string in Tags or Description within pligg/submit.php.