Lucene search

[email protected]CVE-2023-3204

HistoryJun 20, 2024 - 2:15 a.m.

CVE-2023-3204

2024-06-2002:15:09

[email protected]

web.nvd.nist.gov

materialis theme

wordpress

arbitrary options updates

authorization checks

ajax action

authenticated attackers

minimal permissions

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

22.0%

JSON

The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companion_disable_popup() function called via an AJAX action. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to modify any option on the site to a numerical value.

Affected configurations

Vulners

Node

extendthemesmaterialisRange≤1.1.24

CNA Affected

[
  {
    "vendor": "extendthemes",
    "product": "Materialis",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.1.24",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

themes.trac.wordpress.org/browser/materialis/1.1.20/inc/companion.php#L45

themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=231816%40materialis&new=231816%40materialis&sfp_email=&sfph_mail=#file6

www.wordfence.com/threat-intel/vulnerabilities/id/a2e05094-8344-4388-a703-518daf3d2948?source=cve

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

22.0%

JSON

Related for CVE-2023-3204

nvd1 cvelist1