CVE-2018-25437 WordPress CherryFramework Themes 3.1.4 Backup File Download

WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the downloadbackup.php endpoint. Attackers can directly access the downloadbackup.php script in the admin/datamanagement...

PT-2005-2664 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: Wordpress versions 1.5 and earlier Description: The issue allows remote attackers to obtain sensitive information via a direct request to files in 1 wp-content/themes/, 2 wp-includes/, or 3 wp-admin/, which reveal the path in an error message...