Vulnerabilities > Wondercms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-30 | CVE-2024-41305 | Server-Side Request Forgery (SSRF) vulnerability in Wondercms 3.4.3 A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter. | 4.7 |
| 2024-03-05 | CVE-2024-27561 | Server-Side Request Forgery (SSRF) vulnerability in Wondercms 3.1.3 A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter. | 8.1 |
| 2024-03-05 | CVE-2024-27563 | Server-Side Request Forgery (SSRF) vulnerability in Wondercms 3.1.3 A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter. | 5.3 |
| 2023-11-07 | CVE-2023-41425 | Cross-site Scripting vulnerability in Wondercms Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component. | 6.1 |
| 2022-11-17 | CVE-2022-43332 | Cross-site Scripting vulnerability in Wondercms 3.3.4 A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel. | 6.1 |
| 2021-04-20 | CVE-2020-35314 | OS Command Injection vulnerability in Wondercms 3.1.3 A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer. | 9.8 |
| 2021-04-20 | CVE-2020-35313 | Server-Side Request Forgery (SSRF) vulnerability in Wondercms 3.1.3 A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer. | 9.8 |
| 2020-12-30 | CVE-2020-29469 | Cross-site Scripting vulnerability in Wondercms 3.1.3 WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component. | 5.4 |
| 2020-12-30 | CVE-2020-29233 | Cross-site Scripting vulnerability in Wondercms 3.1.3 WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. | 5.4 |
| 2020-12-24 | CVE-2020-29247 | Cross-site Scripting vulnerability in Wondercms 3.1.3 WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. | 4.8 |