42 matches found
WordPress Child Theme Creator by Orbisius plugin <= 1.5.5 - Missing Authorization to Authenticated (Subscriber+) Cloud Snippet Update/Delete vulnerability
Missing Authorization to Authenticated Subscriber+ Cloud Snippet Update/Delete vulnerability discovered by Tieu Pham Trong Nhan - TechlabCorp in WordPress Plugin Child Theme Creator versions = 1.5.5...
EUVD-2015-9296
Malware in sbrugna...
EUVD-2020-21047
Malware in sbrugna...
EUVD-2024-40168
Malicious code in bioql PyPI...
EUVD-2024-50727
Malicious code in bioql PyPI...
EUVD-2025-15747
Malicious code in bioql PyPI...
CVE-2024-12263
The Child Theme Creator by Orbisius plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clouddelete and cloudupdate functions in all versions up to, and including, 1.5.5. This makes it possible for authenticated attackers, with...
CVE-2015-9456
The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisiusctcthemeeditorajax⊂cmd=savefile theme1, theme1file, or theme1filecontents parameter...
CVE-2025-39375
Cross-Site Request Forgery CSRF vulnerability in Ashok G Easy Child Theme Creator easy-child-theme-creator allows Cross Site Request Forgery.This issue affects Easy Child Theme Creator: from n/a through = 1.3.1...
CVE-2025-39375
Cross-Site Request Forgery CSRF vulnerability in Ashok G Easy Child Theme Creator easy-child-theme-creator allows Cross Site Request Forgery.This issue affects Easy Child Theme Creator: from n/a through = 1.3.1...
CVE-2025-39375
CVE-2025-39375 is a CSRF vulnerability in the WordPress plugin Easy Child Theme Creator (affected: <= 1.3.1). The CVE details from multiple sources (NVD/Red Hat/CVEs) confirm Cross-Site Request Forgery without explicit exploit data. The Patchstack entry reiterates CSRF in plugin versions
CVE-2025-39375 WordPress Easy Child Theme Creator plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Ashok G Easy Child Theme Creator easy-child-theme-creator allows Cross Site Request Forgery.This issue affects Easy Child Theme Creator: from n/a through = 1.3.1...
CVE-2025-39375 WordPress Easy Child Theme Creator plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Ashok G Easy Child Theme Creator easy-child-theme-creator allows Cross Site Request Forgery.This issue affects Easy Child Theme Creator: from n/a through = 1.3.1...
PT-2025-22032 · Unknown · Ashok G Easy Child Theme Creator
Name of the Vulnerable Software and Affected Versions: Ashok G Easy Child Theme Creator versions 1.3.1 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions to be performed on behalf of a user. This can be exploited by tricking a user...
WordPress plugin Easy Child Theme Creator 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...
WordPress Easy Child Theme Creator plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Easy Child Theme Creator versions = 1.3.1...
CVE-2020-28649
The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisiusctcthemeeditormanagefile...
CVE-2024-43276
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Svetoslav Marinov Slavi Child Theme Creator allows Reflected XSS.This issue affects Child Theme Creator: from n/a through 1.5.4...
CVE-2024-12263
The Child Theme Creator by Orbisius plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clouddelete and cloudupdate functions in all versions up to, and including, 1.5.5. This makes it possible for authenticated attackers, with...
CVE-2024-12263 Child Theme Creator by Orbisius <= 1.5.5 - Missing Authorization to Authenticated (Subscriber+) Cloud Snippet Update/Delete
The Child Theme Creator by Orbisius plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clouddelete and cloudupdate functions in all versions up to, and including, 1.5.5. This makes it possible for authenticated attackers, with...