76 matches found
CVE-2022-1538
Theme Demo Import WordPress plugin before 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed...
CVE-2023-46204
Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. Duplicate Theme plugin <= 0.1.6 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. Duplicate Theme plugin <= 0.1.6 versions...
CVE-2023-46204
The CVE-2023-46204 entry concerns the WordPress plugin Duplicate Theme by Muller Digital Inc. (versions
PT-2023-29903 · Muller Digital · Duplicate Theme Plugin
Name of the Vulnerable Software and Affected Versions: Muller Digital Inc. Duplicate Theme plugin versions 0.1.6 and earlier. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actio...
CVE-2022-38062
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Theme plugin <= 1.0.9 versions...
CVE-2022-38062 WordPress Download Theme Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Theme plugin <= 1.0.9 versions...
CVE-2023-0993
The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a...
CVE-2022-46812
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions...
CVE-2022-3359
The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog...
WordPress Create Block Theme plugin <= 1.2.1 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered in WordPress Create Block Theme plugin versions <= 1.2.1. Solution: Update the WordPress Create Block Theme plugin to the latest available version (at least 1.2.2)...
Server side request forgery (ssrf)
A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer...
CVE-2020-35314
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer...
WonderCMS code issue vulnerability
WonderCMS is an open source PHP-based content management system (CMS). WonderCMS 3.1.3 suffers from a code issue vulnerability that stems from server-side request forgery (SSRF) in the addCustomThemePluginRepository function of index.php, which allows remote attackers to exploit the vulnerability to...