Filtered by vendor Cherryframework
Subscriptions
Filtered by product Cherry Framework Themes
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-25437 | 2 Cherryframework, Wordpress | 2 Cherry Framework Themes, Wordpress | 2026-06-23 | 7.5 High |
| WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the download_backup.php endpoint. Attackers can directly access the download_backup.php script in the admin/data_management directory to obtain ZIP archives containing the entire wp-content/themes directory contents. | ||||
Page 1 of 1.