Lucene search
K

37 matches found

CNNVD
CNNVD
added 2025/01/24 12:0 a.m.5 views

WordPress plugin Orbisius Simple Notice 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.9CVSS7.9AI score0.00341EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/24 12:0 a.m.4 views

PT-2025-5462 · WordPress · Orbisius Simple Notice

Name of the Vulnerable Software and Affected Versions: Orbisius Simple Notice versions 1.1.3 and earlier Description: The issue affects the Orbisius Simple Notice plugin, allowing Stored XSS due to improper neutralization of input during web page generation. This can lead to cross-site scripting...

5.9CVSS5.5AI score0.00341EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/12 12:0 a.m.7 views

WordPress plugin Child Theme Creator by Orbisius 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

4.3CVSS8AI score0.0034EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/08/16 9:44 a.m.4 views

WordPress Child Theme Creator by Orbisius plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Child Theme Creator versions = 1.5.4...

7.1CVSS6.1AI score0.0029EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2020/11/23 12:0 a.m.3 views

WordPress orbisius-child-theme-creator plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. orbisius-child-theme-creator is a child theme builder plugin used in it. A cross-site request forgery vulnerability exists in versions...

8.8CVSS6.7AI score0.00765EPSS
Exploits2References1
NVD
NVD
added 2020/11/16 4:15 a.m.14 views

CVE-2020-28649

The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisiusctcthemeeditormanagefile...

8.8CVSS8.9AI score0.00765EPSS
Exploits2References2
OSV
OSV
added 2020/11/16 4:15 a.m.4 views

CVE-2020-28649

The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisiusctcthemeeditormanagefile...

8.8CVSS7.3AI score0.00765EPSS
Exploits2References2
Prion
Prion
added 2020/11/16 4:15 a.m.11 views

Cross site request forgery (csrf)

The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisiusctcthemeeditormanagefile...

6.8CVSS8.7AI score0.00765EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2020/11/16 2:50 a.m.23 views

CVE-2020-28649

The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisiusctcthemeeditormanagefile...

8.8CVSS8.8AI score0.00765EPSS
Exploits2References2
wpexploit
wpexploit
added 2020/10/14 12:0 a.m.32 views

Child Theme Creator by Orbisius < 1.5.2 - CSRF to Arbitrary File Modification/Creation

This flaw gave attackers the ability to forge requests on behalf of an administrator in order to modify arbitrary theme files and create new PHP files, which could allow an attacker to achieve remote code execution RCE on a vulnerable site’s server. The following will create hello.php in the...

6.8CVSS1.4AI score0.00765EPSS
Exploits2References1
Patchstack
Patchstack
added 2020/10/14 12:0 a.m.10 views

WordPress Child Theme Creator by Orbisius plugin <= 1.5.1 - Cross-Site Request Forgery (CSRF) to Arbitrary File Modification/Creation vulnerability

Cross-Site Request Forgery CSRF to Arbitrary File Modification/Creation vulnerability found by Chloe Chamberland in WordPress Child Theme Creator by Orbisius plugin versions = 1.5.1. Solution Update the WordPress Child Theme Creator by Orbisius plugin to the latest available version at least 1.5....

3.2AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/10/14 12:0 a.m.20 views

Child Theme Creator by Orbisius < 1.5.2 - CSRF to Arbitrary File Modification/Creation

This flaw gave attackers the ability to forge requests on behalf of an administrator in order to modify arbitrary theme files and create new PHP files, which could allow an attacker to achieve remote code execution RCE on a vulnerable site’s server. PoC The following will create hello.php in the...

6.8CVSS4.1AI score0.00765EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2019/10/07 3:15 p.m.15 views

CVE-2015-9456

The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisiusctcthemeeditorajax&subcmd=savefile theme1, theme1file, or theme1filecontents parameter...

6.5CVSS6.6AI score0.01373EPSS
Exploits1References3
Prion
Prion
added 2019/10/07 3:15 p.m.12 views

Design/Logic Flaw

The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisiusctcthemeeditorajax&subcmd=savefile theme1, theme1file, or theme1filecontents parameter...

4CVSS7.2AI score0.01373EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/10/07 2:27 p.m.21 views

CVE-2015-9456

The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisiusctcthemeeditorajax&subcmd=savefile theme1, theme1file, or theme1filecontents parameter...

6.6AI score0.01373EPSS
Exploits1References3
CVE
CVE
added 2019/10/07 2:27 p.m.48 views

CVE-2015-9456

The CVE concerns the WordPress plugin “orbisius-child-theme-creator” (before version 1.2.8). The issue is incorrect access control on file modification via wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file with parameters theme_1, theme_1_file, or theme_1_file_conten...

6.5CVSS6.6AI score0.01373EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/08 12:0 a.m.17 views

Child Theme Creator by Orbisius <= 1.2.6 - Arbitrary File Write

The Child Theme Creator by Orbisius WordPress plugin was affected by an Arbitrary File Write security vulnerability...

4CVSS2.5AI score0.01373EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder