37 matches found
WordPress plugin Orbisius Simple Notice 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2025-5462 · WordPress · Orbisius Simple Notice
Name of the Vulnerable Software and Affected Versions: Orbisius Simple Notice versions 1.1.3 and earlier Description: The issue affects the Orbisius Simple Notice plugin, allowing Stored XSS due to improper neutralization of input during web page generation. This can lead to cross-site scripting...
WordPress plugin Child Theme Creator by Orbisius 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
WordPress Child Theme Creator by Orbisius plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Child Theme Creator versions = 1.5.4...
WordPress orbisius-child-theme-creator plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. orbisius-child-theme-creator is a child theme builder plugin used in it. A cross-site request forgery vulnerability exists in versions...
CVE-2020-28649
The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisiusctcthemeeditormanagefile...
CVE-2020-28649
The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisiusctcthemeeditormanagefile...
Cross site request forgery (csrf)
The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisiusctcthemeeditormanagefile...
CVE-2020-28649
The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisiusctcthemeeditormanagefile...
Child Theme Creator by Orbisius < 1.5.2 - CSRF to Arbitrary File Modification/Creation
This flaw gave attackers the ability to forge requests on behalf of an administrator in order to modify arbitrary theme files and create new PHP files, which could allow an attacker to achieve remote code execution RCE on a vulnerable site’s server. The following will create hello.php in the...
WordPress Child Theme Creator by Orbisius plugin <= 1.5.1 - Cross-Site Request Forgery (CSRF) to Arbitrary File Modification/Creation vulnerability
Cross-Site Request Forgery CSRF to Arbitrary File Modification/Creation vulnerability found by Chloe Chamberland in WordPress Child Theme Creator by Orbisius plugin versions = 1.5.1. Solution Update the WordPress Child Theme Creator by Orbisius plugin to the latest available version at least 1.5....
Child Theme Creator by Orbisius < 1.5.2 - CSRF to Arbitrary File Modification/Creation
This flaw gave attackers the ability to forge requests on behalf of an administrator in order to modify arbitrary theme files and create new PHP files, which could allow an attacker to achieve remote code execution RCE on a vulnerable site’s server. PoC The following will create hello.php in the...
CVE-2015-9456
The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisiusctcthemeeditorajax&subcmd=savefile theme1, theme1file, or theme1filecontents parameter...
Design/Logic Flaw
The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisiusctcthemeeditorajax&subcmd=savefile theme1, theme1file, or theme1filecontents parameter...
CVE-2015-9456
The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisiusctcthemeeditorajax&subcmd=savefile theme1, theme1file, or theme1filecontents parameter...
CVE-2015-9456
The CVE concerns the WordPress plugin “orbisius-child-theme-creator” (before version 1.2.8). The issue is incorrect access control on file modification via wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file with parameters theme_1, theme_1_file, or theme_1_file_conten...
Child Theme Creator by Orbisius <= 1.2.6 - Arbitrary File Write
The Child Theme Creator by Orbisius WordPress plugin was affected by an Arbitrary File Write security vulnerability...