CVE-2018-25437

HIGH 7.5

WordPress CherryFramework Themes 3.1.4 Backup File Download

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the download_backup.php endpoint. Attackers can directly access the download_backup.php script in the admin/data_management directory to obtain ZIP archives containing the entire wp-content/themes directory contents.

CWE	CWE-306
Vendor	cherryframework
Product	cherry framework themes
Published	Jun 15, 2026

Stay Ahead of the Next One

Get instant alerts for cherryframework cherry framework themes

Be the first to know when new high vulnerabilities affecting cherryframework cherry framework themes are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

Cherryframework / Cherry Framework Themes

3.1.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/45896 cherryframework.com: http://www.cherryframework.com/ vulncheck.com: https://www.vulncheck.com/advisories/wordpress-cherryframework-themes-backup-file-download

Credits

b1p0l4r