WordPress Clever Fox plugin <= 25.2.0 - Missing Authorization to arbitrary theme activation via clever-fox-activate-theme vulnerability

Missing Authorization to arbitrary theme activation via clever-fox-activate-theme vulnerability discovered by Lucio Sá in WordPress Plugin Clever Fox versions = 25.2.0...

PT-2024-15112 · Nayra Themes · The Clever Fox – One Click Website Importer

Name of the Vulnerable Software and Affected Versions: The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress versions up to, and including, 25.2.0 Description: The issue is related to a missing capability check on the clever-fox-activate-theme function, allowing...