wondercms

Top products

The 15 most recently published vulnerabilities affecting wondercms.

• CVE-2024-58305WonderCMS 4.3.2 Cross-Site Scripting Remote Code Execution via Module Installation8.8Dec 12, 2025
• CVE-2025-57055WonderCMS 3.5.0 is vulnerable to Server-Side Request Forgery (SSRF) in the custom module installation functionality. An authenticated administrator can supply a malicious URL via the pluginThemeUrl...6.5Sep 17, 2025
• CVE-2025-3123WonderCMS Theme Installation/Plugin Installation installUpdateModuleAction unrestricted upload4.7Apr 2, 2025
• CVE-2024-41305A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeU...4.7Jul 30, 2024
• CVE-2024-41304An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file.5.4Jul 30, 2024
• CVE-2024-32746A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU paramet...4.6Apr 17, 2024
• CVE-2024-32745A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIP...5.9Apr 17, 2024
• CVE-2024-32744A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORD...4.6Apr 17, 2024
• CVE-2024-32743A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAG...5.5Apr 17, 2024
• CVE-2024-32341Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the par...5.4Apr 17, 2024
• CVE-2024-32340A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITL...9.6Apr 17, 2024
• CVE-2024-32339Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the p...6.1Apr 17, 2024
• CVE-2024-32338A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE p...5.4Apr 17, 2024
• CVE-2024-32337A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN ...6.1Apr 17, 2024
• CVE-2024-27563A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the ...5.3Mar 5, 2024