CVE-2024-41304

An arbitrary file upload vulnerability in the uploadFileAction function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file...

CVE-2020-35313

A server-side request forgery SSRF vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer...

CVE-2018-1000062

WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction, 'svg' = 'image/svg+xml' that can result in An attacker can execute arbitrary script on an unsuspecting user's browser. This attack appear to be exploitable via Crafted SVG...

CVE-2024-41304

An arbitrary file upload vulnerability in the uploadFileAction function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file...

CVE-2024-32744

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module...