Description
WordPress Plugin Child Theme Creator by Orbisius is prone to an arbitrary file modification vulnerability because it fails to properly verify user-supplied input. An attacker can exploit this vulnerability to modify local files in the context of the web server process, which may result in privilege escalation; other attacks are also possible. WordPress Plugin Child Theme Creator by Orbisius version 1.2.6 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 1.2.8 or the latest version.
References
http://cinu.pl/research/wp-plugins/mail_28c91eee00e8e4b5868ebc58b5b1f730.html
https://wordpress.org/plugins/orbisius-child-theme-creator/changelog/