CVE-2015-9456
The CVE concerns the WordPress plugin “orbisius-child-theme-creator” (before version 1.2.8). The issue is incorrect access control on file modification via wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file with parameters theme_1, theme_1_file, or theme_1_file_conten...