2 matches found
CVE-2023-6876 Clever Fox – One Click Website Importer by Nayra Themes <= 25.2.0 - Missing Authorization to arbitrary theme activation via clever-fox-activate-theme
The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated...
WordPress Clever Fox Plugin <= 25.2.0 is vulnerable to Broken Access Control
Software Clever Fox Type Plugin Vulnerable versions = 25.2.0 Fixed in 25.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6876 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 0b00422ea221 Credits Lucio Sá Required privilege...