Wondercms: community verdicts
2 notable / known-exploited Wondercms CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Wondercms CVE, see NVD ↗.
- CVE-2023-41425MED 6.1EPSS 54%
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
- CVE-2020-29247MED 4.8EPSS 1%
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywords and each time any user will visit the website, the XSS triggers, and the attacker can able to steal the cookie according to the crafted payload.