WordPress Platform Theme < 1.4.4 is vulnerable to Broken Access Control

Software Platform Type Theme Vulnerable versions 1.4.4 Fixed in 1.4.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2015-10143 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 04b827207d59 Credits Marc-Alexandre Montpas Required...

CVE-2015-10143

The CVE-2015-10143 entry concerns the Platform theme for WordPress prior to version 1.4.4, where a missing capability check in the _ajax_save_options() function allows unauthenticated modification of options. Affects the Platform theme (WordPress Platform) and enables updating arbitrary site opti...

CVE-2015-10143 Platform < 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Options Update

The Platform theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxsaveoptions function in all versions up to 1.4.4 exclusive. This makes it possible for unauthenticated attackers to update arbitra...

CVE-2015-10143

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wpplatformexec.rb 2025-10-23 21:12:57+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...