Aggregates CVE and security vulnerability intelligence across all pixelimity-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection and vendor risk csrf and related problems; some flaws may lead to vendor impact data exposure, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-5206 | A vulnerability classified as critical was found in Pixelimity 1.0. Affected by this vulnerability is an unknown functionality of the file /install/index.php of the component Installation. The manipulation of the argument site_description leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.1 | 0.21% | 2025-05-26 | 2025-06-05 |
| CVE-2022-28590 | A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme. | [email protected] | 7.2 | 39.31% | 2022-05-03 | 2024-11-21 |
| CVE-2022-28589 | A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new | [email protected] | 4.8 | 0.22% | 2022-05-03 | 2024-11-21 |
| CVE-2021-42866 | A Cross Site Scripting vulnerabilty exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php | [email protected] | 4.8 | 0.22% | 2022-03-31 | 2024-11-21 |
| CVE-2021-29056 | Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to admin/setting.php. | [email protected] | 4.8 | 0.20% | 2021-08-17 | 2024-11-21 |
| CVE-2020-23522 | Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter. | [email protected] | 6.8 | 0.19% | 2021-01-19 | 2024-11-21 |
| CVE-2018-19919 | Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element. | [email protected] | 4.8 | 0.24% | 2018-12-06 | 2024-11-21 |