WonderCMS installUpdateThemePluginAction Function Server Request Forgery Vulnerability
WonderCMS is an open-source, PHP-based content management system (CMS). A server-side request forgery (SSRF) vulnerability exists in the WonderCMS installUpdateThemePluginAction function, which an attacker can exploit to force the application to make arbitrary requests...
CVE-2024-27561
A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter...
Remote code execution
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3 allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer...
CVE-2020-35314
WonderCMS 3.1.3 is affected by remote code execution via installUpdateThemePluginAction in index.php, enabling an attacker to upload a crafted plugin through the theme/plugin installer and execute arbitrary code. Some sources indicate this requires an authenticated session (authenticated RCE) a...