Wondercms Security Vulnerabilities and Issues — Wondercms CVE List

Lucene search

WondercmsWondercms

13 matches found

CVE•added 2024/04/17 9:15 p.m.•50 views

CVE-2024-32338

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module.

5.4CVSS5.8AI score0.00145EPSS

CVE•added 2024/04/17 9:15 p.m.•50 views

CVE-2024-32340

9.6CVSS5.8AI score0.0011EPSS

CVE•added 2024/04/17 9:15 p.m.•48 views

CVE-2024-32341

Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.

5.4CVSS6AI score0.00131EPSS

CVE•added 2024/07/30 6:15 p.m.•48 views

CVE-2024-41305

A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.

7.1CVSS7.4AI score0.00038EPSS

CVE•added 2024/03/05 5:15 p.m.•47 views

CVE-2024-27561

A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter.

9.1CVSS7.2AI score0.00176EPSS

CVE•added 2024/04/17 9:15 p.m.•46 views

CVE-2024-32337

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module.

6.1CVSS5.8AI score0.00096EPSS

CVE•added 2024/04/17 9:15 p.m.•44 views

CVE-2024-32744

4.6CVSS5.8AI score0.00117EPSS

CVE•added 2024/04/17 9:15 p.m.•40 views

CVE-2024-32746

4.6CVSS5.8AI score0.00047EPSS

CVE•added 2024/04/17 9:15 p.m.•39 views

CVE-2024-32339

Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.

6.1CVSS6AI score0.0014EPSS

CVE•added 2024/04/17 9:15 p.m.•39 views

CVE-2024-32743

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module.

5.5CVSS5.8AI score0.00069EPSS

CVE•added 2024/07/30 6:15 p.m.•39 views

CVE-2024-41304

An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file.

5.4CVSS7.8AI score0.00188EPSS

CVE•added 2024/04/17 9:15 p.m.•38 views

CVE-2024-32745

5.9CVSS5.8AI score0.0003EPSS

CVE•added 2024/03/05 5:15 p.m.•34 views

CVE-2024-27563

A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.

6.5CVSS7.2AI score0.00132EPSS