Total: 35 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-41425 | 1 Wondercms | 1 Wondercms | 2025-04-24 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 through v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component. | |||||
CVE-2014-8704 | 1 Wondercms | 1 Wondercms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme. | |||||
CVE-2014-8702 | 1 Wondercms | 1 Wondercms | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message. | |||||
CVE-2014-8703 | 1 Wondercms | 1 Wondercms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2014-8705 | 1 Wondercms | 1 Wondercms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter. | |||||
CVE-2014-8701 | 1 Wondercms | 1 Wondercms | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password. | |||||
CVE-2017-7951 | 1 Wondercms | 1 Wondercms | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context. | |||||
CVE-2011-5317 | 1 Wondercms | 1 Wondercms | 2025-04-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in editText.php in WonderCMS before 0.4 allows remote attackers to inject arbitrary web script or HTML via the content parameter. | |||||
CVE-2024-41304 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 5.4 MEDIUM |
An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file. | |||||
CVE-2024-32337 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module. | |||||
CVE-2024-32338 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module. | |||||
CVE-2024-32339 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters. | |||||
CVE-2024-32340 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 9.6 CRITICAL |
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module. | |||||
CVE-2024-32341 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters. | |||||
CVE-2024-32743 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 5.5 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module. | |||||
CVE-2024-32744 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 4.6 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module. | |||||
CVE-2024-32745 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 5.9 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module. | |||||
CVE-2024-32746 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 4.6 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU parameter under the Menu module. | |||||
CVE-2024-27563 | 1 Wondercms | 1 Wondercms | 2025-01-21 | N/A | 5.3 MEDIUM |
A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter. | |||||
CVE-2024-27561 | 1 Wondercms | 1 Wondercms | 2025-01-21 | N/A | 8.1 HIGH |
A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter. |