Vulnerabilities > Wondercms > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-05 | CVE-2024-27561 | Server-Side Request Forgery (SSRF) vulnerability in Wondercms 3.1.3 A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter. | 8.1 |
| 2018-07-18 | CVE-2018-14387 | Session Fixation vulnerability in Wondercms An issue was discovered in WonderCMS before 2.5.2. | 8.8 |
| 2018-01-26 | CVE-2017-14523 | Injection vulnerability in Wondercms 2.3.1 WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. | 7.5 |
| 2018-01-26 | CVE-2017-14521 | Unrestricted Upload of File with Dangerous Type vulnerability in Wondercms 2.3.0/2.3.1 In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload. | 8.8 |
| 2017-04-21 | CVE-2017-7951 | Cross-Site Request Forgery (CSRF) vulnerability in Wondercms WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context. | 8.8 |
| 2017-03-17 | CVE-2014-8701 | Information Exposure vulnerability in Wondercms 2014 Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password. | 7.5 |