Description
WordPress Plugin Child Theme Creator by Orbisius is prone to an arbitrary file modification vulnerability because it fails to properly verify user-supplied input. An attacker can exploit this vulnerability to modify local files in the context of the web server process, which may result in privilege escalation; other attacks are also possible. WordPress Plugin Child Theme Creator by Orbisius version 1.2.6 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 1.2.8 or the latest version.
References
http://cinu.pl/research/wp-plugins/mail_28c91eee00e8e4b5868ebc58b5b1f730.html
https://wordpress.org/plugins/orbisius-child-theme-creator/changelog/