Description
WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the download_backup.php endpoint. Attackers can directly access the download_backup.php script in the admin/data_management directory to obtain ZIP archives containing the entire wp-content/themes directory contents.
Published: 2026-06-15
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

WordPress CherryFramework Themes 3.1.4 contains an information disclosure flaw that allows unauthenticated attackers to download backup files by accessing the download_backup.php endpoint. The vulnerability permits direct retrieval of ZIP archives that include the entire wp-content/themes directory, exposing site source code, configuration files, and any sensitive data stored there. This represents a significant breach of confidentiality and is a classic Missing Authentication weakness (CWE-306).

Affected Systems

Cherryframework: Cherry Framework Themes, version 3.1.4, installed on WordPress sites.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity, and with no EPSS data available the likelihood of exploitation cannot be quantified but should be treated as significant. The vulnerability is not listed in the CISA KEV catalog, but the absence of authentication renders it exploitable from the public internet. It is inferred that an attacker can simply issue an HTTP GET request to the download_backup.php script within the admin/data_management directory to retrieve the backup archive without any credentials.

Generated by OpenCVE AI on June 16, 2026 at 01:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Cherry Framework Themes to the latest released version, which incorporates a fix for the download_backup.php vulnerability.
  • If an upgrade is not immediately feasible, block or restrict web access to download_backup.php using server configuration (e.g., Apache .htaccess or NGINX rules) so that only authenticated or privileged users can access it.
  • Check the Cherry Framework vendor’s website or update channel for the latest security patches and apply them as soon as they become available.
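As an added example (not code from the advisory, OpenCVE or the vendor), this is the NGINX form of the second recommendation above. It assumes the script is reachable at wp-content/themes/<theme>/admin/data_management/download_backup.php (the advisory names only the directory) and a standard PHP-FPM setup; the server name, document root and socket path are placeholders.

```nginx
# Added example, not from the advisory or the vendor: a virtual-host fragment
# that refuses web access to the CherryFramework backup download script.
# Assumption: the script lives at
#   /wp-content/themes/<theme-name>/admin/data_management/download_backup.php
# so the pattern below matches that filename under any theme directory.
server {
    listen 80;
    server_name example.com;      # placeholder
    root /var/www/html;           # placeholder WordPress document root
    index index.php;

    # nginx checks regex locations in file order and the first match wins,
    # so this block must come BEFORE the generic "~ \.php$" handler below;
    # otherwise the request would still be handed to PHP-FPM.
    location ~* ^/wp-content/themes/[^/]+/admin/data_management/download_backup\.php$ {
        # Log blocked attempts to their own file so they can be alerted on.
        access_log /var/log/nginx/cherry_backup_blocked.log;
        return 404;   # 404 rather than 403 avoids confirming the file exists
    }

    # Normal WordPress handling, unchanged from a typical setup.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # placeholder socket path
    }
}
```

The Apache 2.4 equivalent is a `<Files "download_backup.php">` block containing `Require all denied` in the theme's .htaccess or the virtual host. After reloading, confirm from outside the network that the script URL returns 404 while a normal page still loads, and watch the dedicated log for access attempts.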

Advisories

No advisories yet.

History

Mon, 15 Jun 2026 21:30:00 +0000

Type: Metrics (ssvc)
Values Removed: (empty)
Values Added: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 14:00:00 +0000

Type: Description
Values Added: WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the download_backup.php endpoint. Attackers can directly access the download_backup.php script in the admin/data_management directory to obtain ZIP archives containing the entire wp-content/themes directory contents.

Type: Title
Values Added: WordPress CherryFramework Themes 3.1.4 Backup File Download

Type: Weaknesses
Values Added: CWE-306

Type: References
Values Added: (empty)

Type: Metrics
Values Added:
  cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
  cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-15T19:24:18.908Z

Reserved: 2026-06-15T11:35:04.298Z

Link: CVE-2018-25437

Vulnrichment

Updated: 2026-06-15T15:22:00.486Z

NVD

Status: Deferred

Published: 2026-06-15T14:16:32.367

Modified: 2026-06-15T20:50:47.973

Link: CVE-2018-25437

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-06-16T02:00:04Z

Weaknesses
  • CWE-306: Missing Authentication for Critical Function