Vulnerabilities > Wondercms > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-30 | CVE-2024-41305 | Server-Side Request Forgery (SSRF) vulnerability in Wondercms 3.4.3: A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter. | 4.7 |
2023-11-07 | CVE-2023-41425 | Cross-site Scripting vulnerability in Wondercms: Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component. | 6.1 |
2022-11-17 | CVE-2022-43332 | Cross-site Scripting vulnerability in Wondercms 3.3.4: A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel. | 6.1 |
2020-12-24 | CVE-2020-29247 | Cross-site Scripting vulnerability in Wondercms 3.1.3: WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. | 4.3 |
2018-07-18 | CVE-2018-14387 | Session Fixation vulnerability in Wondercms: An issue was discovered in WonderCMS before 2.5.2. | 6.8 |
2018-02-27 | CVE-2018-7172 | Path Traversal vulnerability in Wondercms: In index.php in WonderCMS before 2.4.1, remote attackers can delete arbitrary files via directory traversal. | 5.5 |
2018-01-26 | CVE-2017-14522 | Cross-site Scripting vulnerability in Wondercms 2.3.1: In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. | 6.1 |
2018-01-26 | CVE-2017-14521 | Unrestricted Upload of File with Dangerous Type vulnerability in Wondercms 2.3.0/2.3.1: In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload. | 6.5 |
2017-04-21 | CVE-2017-7951 | Cross-Site Request Forgery (CSRF) vulnerability in Wondercms: WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context. | 6.8 |
2017-03-17 | CVE-2014-8703 | Cross-site Scripting vulnerability in Wondercms 2014: Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows remote attackers to inject arbitrary web script or HTML. | 4.3 |