Chimpstudio Cs Framework vulnerabilities
2 known vulnerabilities affecting chimpstudio/cs_framework.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
HIGH: 2
Vulnerabilities
CVE-2024-12035 | P2 | HIGH | CVSS 8.8 | CWE-22 | ≤ 7.0 | 2025-03-07
The CS Framework plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cs_widget_file_delete() function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily l
nvd
CVE-2024-12036 | P3 | HIGH | CVSS 7.5 | CWE-73 | ≤ 7.1 | 2025-03-07
The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
nvd