CVE-2015-9456

Name of the Vulnerable Software and Affected Versions orbisius-child-theme-creator plugin versions prior to 1.2.8

Description The issue concerns incorrect access control for file modification. It can be exploited via the wp-admin/admin-ajax.php?action=orbisius ctc theme editor ajax&sub cmd=save file endpoint, specifically through the theme 1, theme 1 file, or theme 1 file contents parameters.

Recommendations For versions prior to 1.2.8, update to version 1.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the wp-admin/admin-ajax.php?action=orbisius ctc theme editor ajax&sub cmd=save file endpoint to minimize the risk of exploitation.