Wondercms

Wondercms

36 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.6

CVE-2024-32744

Exploit
  • EPSS 0.12%
  • Published 17.04.2024 21:15:09
  • Last modified 11.04.2025 14:49:18

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module.

5.9

CVE-2024-32745

Exploit
  • EPSS 0.06%
  • Published 17.04.2024 21:15:09
  • Last modified 11.04.2025 14:48:53

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module.

4.6

CVE-2024-32746

Exploit
  • EPSS 0.07%
  • Published 17.04.2024 21:15:09
  • Last modified 11.04.2025 14:48:40

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU parameter under the Menu module.

5.3

CVE-2024-27563

Exploit
  • EPSS 0.13%
  • Published 05.03.2024 17:15:06
  • Last modified 21.01.2025 15:08:45

A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.

8.1

CVE-2024-27561

Exploit
  • EPSS 0.18%
  • Published 05.03.2024 17:15:06
  • Last modified 21.01.2025 15:08:34

A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter.

6.1

CVE-2023-41425

Exploit
  • EPSS 90.26%
  • Published 07.11.2023 16:15:28
  • Last modified 24.04.2025 19:15:45

Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.

6.1

CVE-2022-43332

  • EPSS 0.32%
  • Published 17.11.2022 23:15:23
  • Last modified 29.04.2025 15:15:49

A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel.

9.8

CVE-2020-35314

Exploit
  • EPSS 39.57%
  • Published 20.04.2021 20:15:08
  • Last modified 21.11.2024 05:27:10

A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin instal...

9.8

CVE-2020-35313

Exploit
  • EPSS 25.97%
  • Published 20.04.2021 20:15:07
  • Last modified 21.11.2024 05:27:10

A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.

5.4

CVE-2020-29469

Exploit
  • EPSS 0.31%
  • Published 30.12.2020 15:15:12
  • Last modified 21.11.2024 05:24:02

WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component. This vulnerability can allow an attacker to inject the XSS payload in the Setting - Menu and each time any user will visits the website directory, the XSS triggers and a...