modx security advisories

2 threat alerts tracking vulnerabilities and security advisories that affect modx products.

Vulnios monitors modx CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent modx security news in one place, or click into an individual alert for full detail.

Critical Vulnerability: CVE-2017-7321 — modx — modx_revolution
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI.
criticalCVE-2017-7321
Critical Vulnerability: CVE-2017-7324 — modx — modx_revolution
setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter.
criticalCVE-2017-7324

Track modx exposure across your environment

Vulnios automatically cross-references your asset inventory against new modx CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.

Start a free scan

modx security advisories

Critical Vulnerability: CVE-2017-7321 — modx — modx_revolution

Critical Vulnerability: CVE-2017-7324 — modx — modx_revolution

Track modx exposure across your environment