Vulnerabilities > Wondercms > Wondercms > 3.1.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-20 | CVE-2020-35314 | OS Command Injection vulnerability in Wondercms 3.1.3 A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer. | 7.5 |
2021-04-20 | CVE-2020-35313 | Server-Side Request Forgery (SSRF) vulnerability in Wondercms 3.1.3 A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer. | 7.5 |
2020-12-30 | CVE-2020-29469 | Cross-site Scripting vulnerability in Wondercms 3.1.3 WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component. | 3.5 |
2020-12-30 | CVE-2020-29233 | Cross-site Scripting vulnerability in Wondercms 3.1.3 WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. | 3.5 |
2020-12-24 | CVE-2020-29247 | Cross-site Scripting vulnerability in Wondercms 3.1.3 WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. | 4.3 |