WordPress WP Child Theme Generator plugin <= 1.1.1 - Unauthenticated Child Theme Creation/Activation vulnerability

Unauthenticated Child Theme Creation/Activation vulnerability discovered by Lucio Sá in WordPress Plugin WP Child Theme Generator versions = 1.1.1...

PT-2024-26891 · WordPress · Wp Child Theme Generator

Name of the Vulnerable Software and Affected Versions: WP Child Theme Generator plugin for WordPress versions up to, and including, 1.1.1 Description: The issue is related to a missing capability check on the wctg easy child theme function, allowing unauthorized modification of data. This enables...

CVE-2019-15822

The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal...