Synced 17 Jun 2026 22:27 UTC Account
← Plone

Plone vulnerabilities: known CVEs & security history

Plone · CMS · 105 tracked CVEs · 0 actively exploited · updated June 2026 · what is a CVE? →

This is the full list of known vulnerabilities (CVEs) across all Plone release lines — 105 in total. A CVE here doesn't mean your version is affected — check Plone's current status and the safe version to run.

105
known CVEs
0
actively exploited (KEV)
3
critical severity
0
ransomware-linked

Known Plone CVEs

Actively-exploited and most-severe first. Showing the top 80 of 105. Open any CVE for full details.

CVESeverityCVSSEPSSYear
CVE-2021-33509 critical 9.9 2% 2021
CVE-2020-35190 critical 9.8 2% 2020
CVE-2020-7941 critical 9.8 2% 2020
CVE-2011-4030 high 9.3 2% 2011
CVE-2011-3587 high 9.3 79% 2011
CVE-2021-33926 high 8.8 1% 2023
CVE-2020-28736 high 8.8 1% 2020
CVE-2020-28735 high 8.8 1% 2020
CVE-2020-28734 high 8.8 1% 2020
CVE-2020-7939 high 8.8 1% 2020
CVE-2020-7938 high 8.8 1% 2020
CVE-2015-7293 high 8.8 3% 2017
CVE-2012-5493 high 8.5 2% 2014
CVE-2012-5487 high 8.5 2% 2014
CVE-2024-22889 high 7.5 1% 2024
CVE-2024-23756 high 7.5 1% 2024
CVE-2021-33511 high 7.5 1% 2021
CVE-2020-7940 high 7.5 1% 2020
CVE-2015-7318 high 7.5 2% 2017
CVE-2011-2528 high 7.5 2% 2011
CVE-2011-0720 high 7.5 3% 2011
CVE-2007-5741 high 7.5 2% 2007
CVE-2016-4041 high 7.3 1% 2017
CVE-2021-32633 medium 6.8 2% 2021
CVE-2015-7317 medium 6.8 2% 2017
CVE-2012-5485 medium 6.8 2% 2014
CVE-2021-21336 medium 6.5 2% 2021
CVE-2017-1000483 medium 6.5 1% 2018
CVE-2012-5489 medium 6.5 1% 2014
CVE-2013-4189 medium 6.5 1% 2014
CVE-2012-5486 medium 6.4 2% 2014
CVE-2006-4247 medium 6.4 1% 2006
CVE-2024-0669 medium 6.3 0% 2024
CVE-2021-33507 medium 6.1 1% 2021
CVE-2020-7936 medium 6.1 1% 2020
CVE-2013-7062 medium 6.1 1% 2020
CVE-2017-1000484 medium 6.1 1% 2018
CVE-2017-1000481 medium 6.1 1% 2018
CVE-2015-7316 medium 6.1 1% 2017
CVE-2016-7140 medium 6.1 2% 2017
CVE-2016-7139 medium 6.1 2% 2017
CVE-2016-7138 medium 6.1 2% 2017
CVE-2016-7137 medium 6.1 2% 2017
CVE-2016-7136 medium 6.1 2% 2017
CVE-2016-7147 medium 6.1 1% 2017
CVE-2009-0662 medium 6 1% 2009
CVE-2015-7315 medium 5.9 2% 2017
CVE-2013-4195 medium 5.8 1% 2014
CVE-2013-4191 medium 5.8 1% 2014
CVE-2013-4200 medium 5.8 2% 2014
CVE-2013-7061 medium 5.5 1% 2014
CVE-2013-4197 medium 5.5 1% 2014
CVE-2011-1950 medium 5.5 2% 2011
CVE-2021-35959 medium 5.4 1% 2021
CVE-2021-33513 medium 5.4 1% 2021
CVE-2021-33512 medium 5.4 1% 2021
CVE-2021-33508 medium 5.4 1% 2021
CVE-2021-3313 medium 5.4 1% 2021
CVE-2021-29002 medium 5.4 1% 2021
CVE-2020-7937 medium 5.4 1% 2020
CVE-2017-1000482 medium 5.4 1% 2018
CVE-2016-4042 medium 5.3 1% 2017
CVE-2012-6661 medium 5 2% 2014
CVE-2012-5508 medium 5 2% 2014
CVE-2012-5506 medium 5 2% 2014
CVE-2012-5505 medium 5 1% 2014
CVE-2012-5503 medium 5 1% 2014
CVE-2012-5501 medium 5 1% 2014
CVE-2012-5499 medium 5 2% 2014
CVE-2012-5498 medium 5 3% 2014
CVE-2012-5497 medium 5 2% 2014
CVE-2012-5496 medium 5 2% 2014
CVE-2012-5495 medium 5 2% 2014
CVE-2012-5492 medium 5 1% 2014
CVE-2012-5488 medium 5 3% 2014
CVE-2013-7060 medium 5 1% 2014
CVE-2013-4196 medium 5 1% 2014
CVE-2011-4462 medium 5 2% 2011
CVE-2006-1711 medium 5 4% 2006
CVE-2016-7135 medium 4.9 3% 2017

25 older / lower-severity CVEs not shown — see Plone's full record.

Is my Plone version affected?

The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.

Check your Plone version → · Monitor Plone for new CVEs →

Plone vulnerabilities — frequently asked

How many known vulnerabilities does Plone have?

IsItPatched tracks 105 CVEs for Plone. 3 are critical-severity and 20 high-severity. These span every release line — what matters is whether the version you run is affected.

Does Plone have any actively-exploited vulnerabilities?

None of Plone's tracked CVEs are currently in CISA's KEV catalog — but new ones can be added at any time, so keep your version current.

What is the most severe Plone vulnerability?

Among tracked issues, CVE-2021-33509 (CRITICAL, CVSS 9.9) ranks highest — a Incorrect permission assignment weakness.

Is Plone safe to use?

It depends on the version. The latest supported Plone release (6.2.0) clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.

CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: Plone security status · Plone end-of-life · actively-exploited CVEs. Always verify against Plone's advisories — see our disclaimer.