Wondercms

Wondercms

36 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-57055

Exploit
  • EPSS 0.03%
  • Veröffentlicht 17.09.2025 00:00:00
  • Zuletzt bearbeitet 23.09.2025 15:44:52

WonderCMS 3.5.0 is vulnerable to Server-Side Request Forgery (SSRF) in the custom module installation functionality. An authenticated administrator can supply a malicious URL via the pluginThemeUrl POST parameter. The server fetches the provided URL ...

7.2

CVE-2025-3123

Exploit
  • EPSS 0.1%
  • Veröffentlicht 02.04.2025 23:15:17
  • Zuletzt bearbeitet 28.05.2025 15:56:33

A vulnerability, which was classified as critical, has been found in WonderCMS 3.5.0. Affected by this issue is the function installUpdateModuleAction of the component Theme Installation/Plugin Installation. The manipulation leads to unrestricted upl...

4.7

CVE-2024-41305

Exploit
  • EPSS 0.06%
  • Veröffentlicht 30.07.2024 18:15:05
  • Zuletzt bearbeitet 21.11.2024 09:32:29

A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.

5.4

CVE-2024-41304

Exploit
  • EPSS 0.09%
  • Veröffentlicht 30.07.2024 18:15:05
  • Zuletzt bearbeitet 11.04.2025 15:14:15

An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file.

5.4

CVE-2024-32341

Exploit
  • EPSS 0.18%
  • Veröffentlicht 17.04.2024 21:15:09
  • Zuletzt bearbeitet 11.04.2025 14:50:10

Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.

6.1

CVE-2024-32337

Exploit
  • EPSS 0.13%
  • Veröffentlicht 17.04.2024 21:15:09
  • Zuletzt bearbeitet 11.04.2025 14:50:45

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module.

5.4

CVE-2024-32338

Exploit
  • EPSS 0.2%
  • Veröffentlicht 17.04.2024 21:15:09
  • Zuletzt bearbeitet 11.04.2025 14:50:39

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module.

6.1

CVE-2024-32339

Exploit
  • EPSS 0.19%
  • Veröffentlicht 17.04.2024 21:15:09
  • Zuletzt bearbeitet 11.04.2025 14:50:24

Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.

9.6

CVE-2024-32340

Exploit
  • EPSS 0.15%
  • Veröffentlicht 17.04.2024 21:15:09
  • Zuletzt bearbeitet 11.04.2025 14:50:17

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module.

5.5

CVE-2024-32743

Exploit
  • EPSS 0.09%
  • Veröffentlicht 17.04.2024 21:15:09
  • Zuletzt bearbeitet 11.04.2025 14:49:27

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module.