Description
WordPress Plugin Child Theme Creator by Orbisius is prone to an arbitrary file modification vulnerability because it fails to properly verify user-supplied input. An attacker can exploit this vulnerability to modify local files in the context of the web server process, which may result in privilege escalation; other attacks are also possible. WordPress Plugin Child Theme Creator by Orbisius version 1.2.6 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.2.8 or latest
References
http://cinu.pl/research/wp-plugins/mail_28c91eee00e8e4b5868ebc58b5b1f730.html
https://wordpress.org/plugins/orbisius-child-theme-creator/changelog/
Related Vulnerabilities
WordPress 2.0.5 Invalid CSRF Token Cross-Site Scripting Vulnerability (0.6.2 - 2.0.5)
Oracle JRE Insecure Storage of Sensitive Information Vulnerability (CVE-2024-21211)
WordPress Plugin Lifeline Donation Security Bypass (1.2.6)
WordPress Plugin MetaSlider Cross-Site Scripting (2.6.2)
WordPress Plugin Easy Forms for Mailchimp Unspecified Vulnerability (6.6.2)