CVE-2025-67436

Name of the Vulnerable Software and Affected Versions PluXml CMS version 5.8.22

Description An authenticated attacker with administrator panel access can execute arbitrary code remotely. This is achieved by injecting a malicious PHP webshell into a theme file, such as home.php. The attack requires administrator privileges within the PluXml CMS panel.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.