📦 Wondercms

This cross-site scripting (XSS) vulnerability in WonderCMS v3.4.3 allows attackers to inject malicious scripts into the website title parameter, which then executes in users' browsers when they visit ...

This SSRF vulnerability in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code by exploiting the theme/plugin installer functionality. Attackers can craft malicious URLs that trigger ser...

WonderCMS 3.5.0 contains a Server-Side Request Forgery (SSRF) vulnerability in its custom module installation feature. Authenticated administrators can exploit this by providing malicious URLs, causin...

This vulnerability in WonderCMS 3.5.0 allows remote attackers to upload arbitrary files through the theme/plugin installation function, potentially leading to code execution. The vulnerability affects...

This Server-Side Request Forgery (SSRF) vulnerability in WonderCMS v3.4.3 allows attackers to force the application to make arbitrary HTTP requests to internal or external systems by injecting crafted...