4 matches found
CVE-2024-1047
Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing capability check on the registerreference function in various versions. This makes it possible for unauthenticated attackers to update options values that allow...
CVE-2024-1047
CVE-2024-1047 concerns Orbit Fox by ThemeIsle (WordPress) with a vulnerability in register_reference() causing unauthorized modification of data. The issue exists in all versions up to and including 2.10.28 due to a missing capability check, enabling unauthenticated attackers to update the connec...
CVE-2024-1047 ThemeIsle SDK <= Various Versions - Missing Authorization
Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing capability check on the registerreference function in various versions. This makes it possible for unauthenticated attackers to update options values that allow...
WordPress Orbit Fox by ThemeIsle Plugin <= 2.10.28 is vulnerable to Broken Access Control
Software Orbit Fox by ThemeIsle Type Plugin Vulnerable versions = 2.10.28 Fixed in 2.10.29 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1047 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 50a5c5badf9e Credits Francesco Carlucci...