Vulnerabilities > Wondercms > Wondercms > 3.1.3

DATE CVE VULNERABILITY TITLE RISK
2021-04-20 CVE-2020-35314 OS Command Injection vulnerability in Wondercms 3.1.3
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer.
network
low complexity
wondercms CWE-78
7.5
7.5
2021-04-20 CVE-2020-35313 Server-Side Request Forgery (SSRF) vulnerability in Wondercms 3.1.3
A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.
network
low complexity
wondercms CWE-918
7.5
7.5
2020-12-30 CVE-2020-29469 Cross-site Scripting vulnerability in Wondercms 3.1.3
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component.
network
wondercms CWE-79
3.5
3.5
2020-12-30 CVE-2020-29233 Cross-site Scripting vulnerability in Wondercms 3.1.3
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component.
network
wondercms CWE-79
3.5
3.5
2020-12-24 CVE-2020-29247 Cross-site Scripting vulnerability in Wondercms 3.1.3
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel.
network
wondercms CWE-79
4.3
4.3