← back
CVE-2018-25437

WordPress CherryFramework Themes 3.1.4 Backup File Download

CVSS 8.7 HIGHEPSS 0.3%CWE-306
WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the download_backup.php endpoint. Attackers can directly access the download_backup.php script in the admin/data_management directory to obtain ZIP archives containing the entire wp-content/themes directory contents.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
Cherryframework · Cherry Framework Themes
public PoCs found1
cve_referencewww.exploit-db.com/exploits/45896unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/45896https://www.vulncheck.com/advisories/wordpress-cherryframework-themes-backup-file-downloadhttp://www.cherryframework.com/