4 matches found
CVE-2024-12263
The Child Theme Creator by Orbisius plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clouddelete and cloudupdate functions in all versions up to, and including, 1.5.5. This makes it possible for authenticated attackers, with...
CVE-2024-12263
creationtimestamp| type| source ---|---|--- 2024-12-12 06:27:28+00:00| seen| https://infosec.exchange/users/cve/statuses/113638430631222337 2024-12-12 07:58:32+00:00| seen| https://t.me/cvedetector/12733...
CVE-2024-12263 Child Theme Creator by Orbisius <= 1.5.5 - Missing Authorization to Authenticated (Subscriber+) Cloud Snippet Update/Delete
The Child Theme Creator by Orbisius plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clouddelete and cloudupdate functions in all versions up to, and including, 1.5.5. This makes it possible for authenticated attackers, with...
CVE-2024-12263
CVE-2024-12263 affects the WordPress plugin Child Theme Creator by Orbisius . The issue is a missing capability check in the cloud_delete() and cloud_update() functions, enabling authenticated attackers with Subscriber-level access and above to modify or delete cloud snippets. The vulnerability w...