Child Theme Creator by Orbisius < 1.5.2 - CSRF to Arbitrary File Modification/Creation

This flaw gave attackers the ability to forge requests on behalf of an administrator in order to modify arbitrary theme files and create new PHP files, which could allow an attacker to achieve remote code execution (RCE) on a vulnerable site’s server.

PoC

The following will create hello.php in the /twentytwenty theme directory. You can just swap out sub_cmd and theme files for the other AJAX actions.