
CVE-2022-40488: ProcessWire: An open source CMS with a powerful API

ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).

// Render your site’s primary navigation
echo $pages->get('/')->children->each('<li><a href={url}>{title}</a>');

// Find buildings: built before 1950, 10+ floors, sort by height
$pages->find('template=building, year<1950, floors>=10, sort=height');

// Output field “headline” when present or “title” if not
echo '<h1>' . $page->get('headline|title') . '</h1>';

// Get “email” field from /contact/ page and use it in link
<a href='mailto:<?= $pages->get('/contact/')->email ?>'>Email</a>

// Output first “images” field item on page at 90px width
<img src='<?= $page->images->first->width(90)->url ?>'>

// Set “headline” field value on page and save to database
$page->setAndSave('headline', 'Hello world');

Every bit of content in your site is never more than one line of code away. It doesn’t matter how large or small your site is: with ProcessWire all your content is connected, making it fast and easy to find, and incredibly simple to access, output and manipulate.

All fields in ProcessWire are custom fields that you easily define and edit in the admin. You can create as many of them as you want, and of any type. You can even bundle them in repeatable groups called Repeater fields. ProcessWire is built to adapt to your content needs.

Every field has a type and there are dozens of different types. It’s all here—text, rich text, numbers, files, images, multi-language, dates, page references, custom repeatable groups, and on and on… plus you can easily add more, since they are plugins/modules!

Related news

GHSA-vpwh-qmwc-2phg: ProcessWire vulnerable to Cross-Site Request Forgery

