WordPress Plugin Child Theme Creator by Orbisius Arbitrary File Modification (1.2.6)
Description
WordPress Plugin Child Theme Creator by Orbisius is prone to an arbitrary file modification vulnerability because it fails to properly verify user-supplied input. An attacker can exploit this vulnerability to modify local files in the context of the web server process, which may result in privilege escalation; other attacks are also possible. WordPress Plugin Child Theme Creator by Orbisius version 1.2.6 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.2.8 or latest