MEDIUM 6.5 CVE-2026-44200 Wagtail has improper permission handling when copying pages
from 0, < 7.0.7, >= 7.1, < 7.3.2
MEDIUM 6.5 CVE-2026-44200 Wagtail has improper permission handling when copying pages
from 0, < 7.0.7
MEDIUM 6.5 CVE-2026-44199 Wagtail has improper permission handling when deleting form submissions
from 0, < 7.0.7
MEDIUM 6.5 Wagtail has improper permission handling when deleting form submissions
from 0, < 7.0.7, >= 7.1, < 7.3.2
MEDIUM 6.5 Wagtail has improper permission handling when comparing revisions
from 0, < 7.0.7
MEDIUM 6.5 Wagtail has improper permission handling when comparing revisions
from 0, < 7.0.7, >= 7.1, < 7.3.2
MEDIUM 6.5 Wagtail regular expression denial-of-service via search query parsing
>= 6.0, < 6.0.6
MEDIUM 6.5 Wagtail regular expression denial-of-service via search query parsing
from 0, < 31b1e8532dfb1b70d8d37d22aff9cbde9109cdf2, < 3c941136f79c48446e3858df46e5b668d7f83797, < b783c096b6d4fd2cfc05f9137a0be288850e99a2 | >= 6.1, < 6.1.3, >= 6.0, < 6.0.6, >= 2.0, < 5.2.6
MEDIUM 6.4 Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views
from 0, < eefc3381d37b476791610e5d30594fae443f33af, < bc84bf9815610cfbf8db3b6050c7ddcbaa4b9713, < 5be2b1ed55fd7259dfdf2c82e7701dba407b8b62, < ff806ab173a504395fdfb3139eb0a29444ab4b91 | >= 4.2, < 4.2.2, >= 1.5, < 4.1.4
MEDIUM 6.4 Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views
>= 1.5, < 4.1.4
MEDIUM 6.1 Wagtail Vulnerable to Cross-site Scripting in simple_translation admin interface
from 0, < 6.3.8
MEDIUM 6.1 Wagtail Vulnerable to Cross-site Scripting in TableBlock class attributes
from 0, < 6.3.8
MEDIUM 6.1 Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields
from 0, < 2.11.7
MEDIUM 6.1 Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields
>= 2.11, < 2.11.7, from 0, < 2.11.6, >= 2.12, < 2.12.4
MEDIUM 6.1 Potential Observable Timing Discrepancy in Wagtail
>= 2.8, < 2.8.2, >= 2.7, < 2.7.3
MEDIUM 6.1 Potential Observable Timing Discrepancy in Wagtail
from 0, < 2.7.3
MEDIUM 5.8 Possible XSS attack in Wagtail
from 0, < 61045ceefea114c40ac4b680af58990dbe732389 | >= 1.9, < 2.7.2
MEDIUM 5.8 Possible XSS attack in Wagtail
>= 1.9.0, < 2.7.2
MEDIUM 5.7 Cross-Site Scripting in Wagtail
>= 2.8rc1, < 2.9.3
MEDIUM 5.7 Cross-Site Scripting in Wagtail
from 0, < d9a41e7f24d08c024acc9a3094940199df94db34 | >= 2.7, < 2.7.4, >= 2.9, < 2.9.3
MEDIUM 5.5 Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`
>= 6.0.0, < 6.0.5
MEDIUM 5.4 Cross-site Scripting in wagtail
from 0, < 2.11.8
MEDIUM 5.4 Cross-site Scripting in wagtail
>= 2.13, < 2.13.2, >= 2.12, < 2.12.5, from 0, < 2.11.8
MEDIUM 5.3 Wagtail has improper restriction handling on Documents and Images API
from 0, < 7.0.7, >= 7.1, < 7.3.2
MEDIUM 5.3 Wagtail has improper restriction handling on Documents and Images API
from 0, < 7.0.7
MEDIUM 4.4 Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files
from 0, < cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf, < 3c0c64642b9e5b8d28b111263c7f4bddad6c3880, < c9d2fcd650a88d76ae122646142245e5927a9165, < d4022310cbe497993459c3136311467c7ac6329a | >= 4.2, < 4.2.2, from 0, < 4.1.4
MEDIUM 4.4 Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files
>= 4.2, < 4.2.2
MEDIUM 4.3 Wagtail has improper permission handling when viewing page history
from 0, < 7.0.7, >= 7.1, < 7.3.2
MEDIUM 4.3 Wagtail has improper permission handling when viewing page history
from 0, < 7.0.7
LOW 3.5 Comment reply notifications sent to incorrect users
from 0, < 5fe901e5d86ed02dbbb63039a897582951266afd | >= 2.13, < 2.15.2
LOW 3.5 Comment reply notifications sent to incorrect users
>= 2.13, < 2.15.2
LOW 2.7 Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`
>= 6.0.0, < 6.0.3
LOW 2.7 Wagtail vulnerable to disclosure of user names via admin bulk action views
from 0, < 4.1.9
LOW 2.7 Wagtail vulnerable to disclosure of user names via admin bulk action views
from 0, < bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b | from 0, < 4.1.9, >= 4.2, < 5.0.5, >= 5.1, < 5.1.3
— Wagtail has improper permission handling on admin preview endpoints
from 0, < 6.3.6