3 matches found
CVE-2025-1682 Cardealer <= 1.6.4 - Arbitrary Theme Option Update to Authenticated (Subscriber+) Privilege Escalation
The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to missing capability check on the 'savesettings' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the default user ro...
CVE-2025-1682
CVE-2025-1682 concerns the WordPress Cardealer theme (versions <= 1.6.4). The root cause is a missing capability check in the save_settings function, enabling an authenticated user with subscriber-level access or higher to perform an Arbitrary Theme Option Update and escalate privileges by cha...
CVE-2025-1682 Cardealer <= 1.6.4 - Arbitrary Theme Option Update to Authenticated (Subscriber+) Privilege Escalation
The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to missing capability check on the 'savesettings' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the default user ro...