CVE-2019-25142
The Mesmerize (up to 1.6.89) and Materialis (up to 1.0.172) WordPress themes are vulnerable to authenticated options changes due to companion_disable_popup not fully validating input before update_option. This allows authenticated attackers to modify restricted options. Remediation: upgrade Mesme...