3 matches found
CVE-2020-28649
The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisiusctcthemeeditormanagefile...
CVE-2020-28649
The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisiusctcthemeeditormanagefile...
CVE-2020-28649
The CVE-2020-28649 entry concerns the WordPress plugin orbisius-child-theme-creator (before 1.5.2). The vulnerability is a CSRF flaw in the orbisius_ctc_theme_editor_manage_file action that lets an attacker forge administrator requests to manage files. Exploitation could enable arbitrary file mod...