Wagtail — Vulnerabilities & Security Advisories 15

All 15 CVE vulnerabilities found in Wagtail, with AI-generated Chinese analysis, references, and POCs.

Vendor: wagtail

CVE ID	Title	CVSS	Severity	Published
CVE-2026-28222	Wagtail: Improper escaping of HTML (Cross-site Scripting) on TableBlock class attributes CWE-79	6.1	Medium	2026-03-05
CVE-2026-28223	Wagtail: Improper escaping of HTML (Cross-site Scripting) in simple_translation admin interface CWE-79	6.1	Medium	2026-03-05
CVE-2026-25517	Wagtail has improper permission handling on admin preview endpoints CWE-862	5.3^AI	Medium^AI	2026-02-04
CVE-2024-39317	Wagtail regular expression denial-of-service via search query parsing CWE-1333	6.5	Medium	2024-07-11
CVE-2024-35228	Improper Handling of Insufficient Permissions in Wagtail CWE-280	5.5	Medium	2024-05-30
CVE-2024-32882	Permission check bypass when editing a model with per-field restrictions in wagtail CWE-280	2.7	Low	2024-05-02
CVE-2023-45809	Disclosure of user names via admin bulk action views in wagtail CWE-200	2.7	Low	2023-10-19
CVE-2023-28837	Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files CWE-400	4.9	Medium	2023-04-03
CVE-2023-28836	Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views CWE-79	6.4	Medium	2023-04-03
CVE-2022-21683	Comment reply notifications sent to incorrect users in wagtail CWE-200	3.5	Low	2022-01-18
CVE-2021-32681	Improper escaping of HTML ('Cross-site Scripting') in Wagtail StreamField blocks CWE-79	5.4	Medium	2021-06-17
CVE-2021-29434	Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields CWE-79	6.1	Medium	2021-04-19
CVE-2020-15118	Cross-Site Scripting in Wagtail CWE-79	5.7	Medium	2020-07-20
CVE-2020-11037	Potential Observable Timing Discrepancy in Wagtail CWE-208	6.1	Medium	2020-04-30
CVE-2020-11001	Possible XSS attack in Wagtail CWE-80	5.8	Medium	2020-04-14

All 15 known CVE vulnerabilities affecting Wagtail with full Chinese analysis, references, and POCs where available.