Perfreeblog
By the Year
In 2026 there have been 0 vulnerabilities in Perfreeblog. Last year, in 2025, Perfreeblog had 5 security vulnerabilities published. Right now, Perfreeblog is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 5 | 7.00 |
| 2024 | 0 | 0.00 |
| 2023 | 4 | 8.05 |
It may take a day or so for new Perfreeblog vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Perfreeblog Security Vulnerabilities
File Upload Vulnerability in PerfreeBlog v4.0.11 installTheme
CVE-2025-60731
7.6 - High
- October 24, 2025
PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function
Unrestricted File Upload
PerfreeBlog v4.0.11 Arbitrary File Read in validThemeFilePath CVE-2025-60729
CVE-2025-60729
5.3 - Medium
- October 24, 2025
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function
Buffer Over-read
PerfreeBlog 4.0.11 Hard-Coded Key in JWT Handler (JwtUtil)
CVE-2025-5164
8.1 - High
- May 26, 2025
A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of a hard-coded cryptographic key. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Use of Hard-coded Credentials
PerfreeBlog 4.0.11 – Arbitrary File Upload in Attach Component
CVE-2025-29281
- April 15, 2025
In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them.
PerfreeBlog v4.0.11 XSS in backend settings website name field.
CVE-2025-29280
- April 15, 2025
A stored cross-site scripting vulnerability in the website name field of the backend system settings interface of PerfreeBlog v4.0.11 allows an attacker to insert and execute arbitrary malicious code.
PerfreeBlog 3.1.2 RCE via Crafted Plugin admin/plugin/access/list
CVE-2023-40825
7.2 - High
- August 28, 2023
An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via a crafted plugin listed in admin/plugin/access/list.
Unrestricted File Upload
PerfreeBlog v3.1.2 Arbitrary File Upload in ThemeController.java
CVE-2023-30333
9.8 - Critical
- May 18, 2023
An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file.
Unrestricted File Upload
PerfreeBlog 3.1.2 XSS via Post Function
CVE-2023-29643
5.4 - Medium
- May 01, 2023
Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function.
XSS
Arbitrary File Upload in /admin/user/uploadImg of PerfreeBlog v3.1.1
CVE-2023-27757
9.8 - Critical
- March 15, 2023
An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file.
Unrestricted File Upload