This page lists publicly disclosed CVE vulnerabilities affecting orbisius child_theme_creator (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-43276 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Svetoslav Marinov (Slavi) Child Theme Creator allows Reflected XSS.This issue affects Child Theme Creator: from n/a through 1.5.4. | [email protected] | 7.1 | 0.15% | 2024-08-18 | 2024-09-17 |
| CVE-2020-28649 | The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file. | [email protected] | 8.8 | 0.30% | 2020-11-16 | 2024-11-21 |
| CVE-2015-9456 | The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or theme_1_file_contents parameter. | [email protected] | 6.5 | 0.29% | 2019-10-07 | 2024-11-21 |