RSS   Vulnerabilities for 'Child theme creator'   RSS

2019-10-07
 
CVE-2015-9456

CWE-732
 

 
The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or theme_1_file_contents parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top