CVE-2026-3772

The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'addpluginspage' and 'addthemespage' functions. This makes it possible for unauthenticated attackers to overwrite arbitrar...

CVE-2026-5293

The CVE concerns the WordPress plugin Diagnosis Generator (診断ジェネレータ作成プラグイン) up to version 1.4.16. It enables Stored Cross-Site Scripting via the js parameter due to missing authorization checks and insufficient input sanitization in themeFunc(), which runs on admin_init and processes theme update...

CVE-2026-3772 WP Editor <= 1.2.9.2 - Cross-Site Request Forgery to Remote Code Execution via Plugin and Theme File Editor

The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'addpluginspage' and 'addthemespage' functions. This makes it possible for unauthenticated attackers to overwrite arbitrar...

CVE-2026-3772 WP Editor <= 1.2.9.2 - Cross-Site Request Forgery to Remote Code Execution via Plugin and Theme File Editor

The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'addpluginspage' and 'addthemespage' functions. This makes it possible for unauthenticated attackers to overwrite arbitrar...

PT-2026-36318

Name of the Vulnerable Software and Affected Versions WP Editor versions prior to 1.2.9.3 Description The WP Editor plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing actions they did not intend to. This occurs because...

CVE-2026-30940

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...

EUVD-2026-17267

baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API...

baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API

Summary A path traversal vulnerability exists in the baserCMS 5.x theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary...

GHSA-C5C6-37VQ-PJCQ baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API

Summary A path traversal vulnerability exists in the baserCMS 5.x theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary...

Directory Traversal

Overview baserproject/basercms is a Content management system based on CakePHP. Affected versions of this package are vulnerable to Directory Traversal via the theme file management API when an authenticated administrator supplies crafted input to the path parameter. An attacker can write arbitra...

CVE-2026-30940

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...

CVE-2026-30940

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...

CVE-2026-30940

CVE-2026-30940 affects baserCMS prior to version 5.2.3. A path traversal flaw exists in the theme file management API at /baser/api/admin/bc-theme-file/theme_files/add.json, allowing an authenticated administrator to inject ../ sequences in the path and create a PHP file outside the theme directo...

CVE-2026-30940 baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...

CVE-2026-30940 baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...

PT-2026-29152

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/theme files/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...

baserCMS 安全漏洞

BaserCMS is a corporate-level content management system CMS developed by the BaserCMS team. Versions of BaserCMS prior to 5.2.3 contained security vulnerabilities. These vulnerabilities were caused by path traversal in the theme file management API, which could lead to arbitrary file writing and...

Linux Distros Unpatched Vulnerability : CVE-2025-67436

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authenticated Remote Code Execution RCE in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme...

CVE-2025-67436

Authenticated Remote Code Execution RCE in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file e.g., home.php...

EUVD-2025-204758

Authenticated Remote Code Execution RCE in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file e.g., home.php...