cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12263,https://securityvulnerability.io/vulnerability/CVE-2024-12263,Unauthorized Modification of Data in Child Theme Creator plugin for WordPress,"The Child Theme Creator by Orbisius plugin for WordPress is susceptible to unauthorized data modification due to a lack of capability checks on the cloud_delete() and cloud_update() functions. This vulnerability enables authenticated attackers, even those with Subscriber-level access, to manipulate cloud snippets, allowing them to perform updates and deletions. This security flaw resides within the Cloud Library Addon connected to the plugin, which has since been withdrawn. Users of affected versions are advised to take immediate precautions to secure their sites.",Wordpress,Child Theme Creator By Orbisius,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-12-12T05:24:25.112Z,0
CVE-2020-28649,https://securityvulnerability.io/vulnerability/CVE-2020-28649,,The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file.,Wordpress,Child Theme Creator,8.8,HIGH,0.0038499999791383743,false,,false,false,false,,false,false,2020-11-16T02:50:05.000Z,0
CVE-2015-9456,https://securityvulnerability.io/vulnerability/CVE-2015-9456,,"The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or theme_1_file_contents parameter.",Wordpress,Child Theme Creator,6.5,MEDIUM,0.0010000000474974513,false,,false,false,false,,false,false,2019-10-07T14:27:05.000Z,0