Is modx/revolution safe to use?

modx/revolution has 14 known vulnerabilities on the latest version (v3.2.0-pl). DepScope rates its health at 36/100 (critical risk).

What is the latest version of modx/revolution?

The latest version of modx/revolution is v3.2.0-pl, released 2026-02-17.

Yes. modx/revolution has 14 known vulnerabilities. See depscope.dev/pkg/composer/modx/revolution for details.

No, modx/revolution is actively maintained. Latest release: v3.2.0-pl (2026-02-17).

DepScope has no curated alternatives for modx/revolution at this time.

modx/revolution is licensed under GPL-2.0+.

composervv3.2.0-pl

MODX Revolution is a Content Management System

License GPL-2.0+31 versions3 maintainers29 deps

/ 100

Health

do not use

modx/revolution has critical vulnerabilities — do not use

Update to >= 2.7.1-pl to fix known vulnerabilities

Health breakdown0 – 100

20/25

maintenance

0/20

popularity

0/25

security

12/15

maturity

4/15

community

Vulnerabilities

1 critical5 high7 medium1 low

Advisories (14)

Severity	ID	Summary	Fixed in
high	CVE-2017-9069	MODX Revolution allows overwriting .htaccess	2.5.7
medium	CVE-2017-9070	MODX Revolution cross-site scripting vulnerability	2.5.7
high	CVE-2017-9067	MODX Revolution Directory Traversal Vulnerability	2.5.7
medium	CVE-2018-20756	MODX Revolution allows XSS via document resources	2.7.1-pl
medium	CVE-2018-20757	MODX Revolution allows XSS through extended user fields	2.7.1-pl
low	CVE-2025-28010	MODX allows cross-site scripting (XSS) via an SVG file	—
high	CVE-2022-26149	Unrestricted Upload of File with Dangerous Type in MODX Revolution	—
high	CVE-2018-1000207	MODX Revolution Incorrect Access Control vulnerability	2.7.0
medium	CVE-2017-9071	MODX Revolution XSS via HTTP Host header	2.5.7
high	CVE-2017-1000067	MODX Revolution blind SQL injection	2.6.0
medium	CVE-2018-20755	MODX Revolution vulnerable to XSS attack through its User Photo field	2.7.1-pl
critical	BIT-modx-2020-25911	XML External Entity vulnerability in MODX CMS	2.8.0
medium	CVE-2017-9068	MODX Revolution Reflected XSS	2.5.7
medium	CVE-2018-20758	MODX vulnerability allows for XSS via user settings parameters	2.7.1-pl

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/composer/modx/revolution

Last updated · 2026-02-17T16:26:46+00:00