Wondercms

6 matches found

CVE
added 2021/04/20 8:15 p.m. | 67 views

CVE-2020-35314

A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3 allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer.

CVSS 9.8 | AI score 9.8 | EPSS 0.39573
CVE
added 2021/04/20 8:15 p.m. | 65 views

CVE-2020-35313

A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.

CVSS 9.8 | AI score 9.6 | EPSS 0.25973
CVE
added 2024/04/17 9:15 p.m. | 50 views

CVE-2024-32340

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module.

CVSS 9.6 | AI score 5.8 | EPSS 0.0011
CVE
added 2024/03/05 5:15 p.m. | 47 views

CVE-2024-27561

A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter.

CVSS 9.1 | AI score 7.2 | EPSS 0.00176
CVE
added 2017/03/17 2:59 p.m. | 31 views

CVE-2014-8705

PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter.

CVSS 9.8 | AI score 9.6 | EPSS 0.00691
CVE
added 2017/03/17 2:59 p.m. | 29 views

CVE-2014-8704

Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme.

CVSS 9.8 | AI score 9.1 | EPSS 0.01342