CVE-2024-41305

A Server-Side Request Forgery SSRF in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

CVE-2025-57055

WonderCMS 3.5.0 is vulnerable to Server-Side Request Forgery SSRF in the custom module installation functionality. An authenticated administrator can supply a malicious URL via the pluginThemeUrl POST parameter. The server fetches the provided URL using curlexec without sufficient validation,...

PT-2024-29352 · Wondercms · Wondercms

Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.4.3 Description: A Server-Side Request Forgery SSRF issue in the Plugins Page allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

CVE-2024-27563

A Server-Side Request Forgery SSRF in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

WonderCMS Security Breach

WonderCMS is an open source PHP-based content management system CMS. A security vulnerability exists in WonderCMS v3.1.3, which stems from a Server Request Forgery SSRF vulnerability in the getFileFromRepo function. An attacker can exploit this vulnerability by injecting a specially crafted URL...