3 matches found
CVE-2020-28649
The CVE-2020-28649 entry concerns the WordPress plugin orbisius-child-theme-creator (before 1.5.2). The vulnerability is a CSRF flaw in the orbisius_ctc_theme_editor_manage_file action that lets an attacker forge administrator requests to manage files. Exploitation could enable arbitrary file mod...
CVE-2024-43276
CVE-2024-43276 is a Reflected XSS vulnerability in the WordPress plugin Child Theme Creator by Orbisius. Public details in connected sources indicate it affects the plugin up to version 1.5.4 and is classified as Reflected XSS (Improper Neutralization of Input During Web Page Generation). The Red...
CVE-2015-9456
The CVE concerns the WordPress plugin “orbisius-child-theme-creator” (before version 1.2.8). The issue is incorrect access control on file modification via wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file with parameters theme_1, theme_1_file, or theme_1_file_conten...