HIGH
Cherryframework
CVE published 2026-06-15
CVE-2018-25437
CVE-2018-25437 is a high-severity information disclosure vulnerability (CVSS Score: 8.7) affecting WordPress CherryFramework Themes version 3.1.4. The vulnerability allows unauthenticated attackers to download sensitive backup files by accessing the download_backup.php endpoint. Specifically, attackers can directly access the download_backup.php script located in the admin/data_management directory to obt [truncated]