Product
wondercms
36 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-57055 (all versions): WonderCMS 3.5.0 is vulnerable to Server-Side Request Forgery (SSRF) in the custom module installation functionality. An authentica
CVE-2025-3123 (all versions): A vulnerability, which was classified as critical, has been found in WonderCMS 3.5.0. Affected by this issue is the function insta
CVE-2024-41305 (all versions): A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arb
CVE-2024-41304 (all versions): An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrar
CVE-2024-32746 (all versions): A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web s
CVE-2024-32745 (all versions): A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web s
CVE-2024-32744 (all versions): A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web s
CVE-2024-32743 (all versions): A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web s
CVE-2024-32341 (all versions): Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allow attackers to execute arbitrary web
CVE-2024-32340 (all versions): A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web s
CVE-2024-32339 (all versions): Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allow attackers to execute arbitrary w
CVE-2024-32338 (all versions): A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web s
CVE-2024-32337 (all versions): A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web s
CVE-2024-27563 (all versions): A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application
CVE-2024-27561 (all versions): A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force
CVE-2023-41425 (>= 3.2.0 and <= 3.4.2): Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a cra
CVE-2022-43332 (all versions): A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a cra
CVE-2020-35314 (all versions): A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remot
CVE-2020-35313 (all versions): A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3
CVE-2020-29469 (all versions): WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component. This vulnerability can allow an attacker to injec
CVE-2020-29233 (all versions): WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. This vulnerability can allow an attac
CVE-2020-29247 (all versions): WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywo
CVE-2019-5956 (<= 2.6.0): Directory traversal vulnerability in WonderCMS 2.6.0 and earlier allows remote attackers to delete arbitrary files via unspecified
CVE-2018-14387 (< 2.5.2): An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web application and record the associ
CVE-2018-7172 (<= 2.4.0): In index.php in WonderCMS before 2.4.1, remote attackers can delete arbitrary files via directory traversal.
CVE-2018-1000062 (all versions): WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'sv
CVE-2017-14523 (all versions): WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the ve
CVE-2017-14522 (all versions): In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOT
CVE-2017-14521 (all versions): In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload.
CVE-2017-7951 (<= 2.0.2): WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context.
CVE-2014-8705 (all versions): PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP cod
CVE-2014-8704 (all versions): Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local f
CVE-2014-8703 (all versions): Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows remote attackers to inject arbitrary web script or HTML.
CVE-2014-8702 (all versions): Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the pass
CVE-2014-8701 (all versions): Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5
CVE-2011-5317 (<= 0.3.3): Cross-site scripting (XSS) vulnerability in editText.php in WonderCMS before 0.4 allows remote attackers to inject arbitrary web s