EUVD-2023-43882
Malicious code in bioql PyPI...
CVE-2023-3204
The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companion_disable_popup function called via an AJAX action. This makes it possible for authenticated attackers, with...
CVE-2019-25142
The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including, 1.6.89 Mesmerize and 1.0.172 Materialis. This is due to the 'companion_disable_popup' function only checking the nonce while sending user input to the 'update_option' function...
CVE-2023-3204
CVE-2023-3204 affects the Materialis WordPress theme up to version 1.1.24. The root cause is missing authorization checks in companion_disable_popup() invoked via AJAX, allowing authenticated users with low privileges (e.g., subscribers) to set any option to a numeric value. The vulnerability is ...
CVE-2023-3204 Materialis <= 1.1.24 - Missing Authorization to Limited Arbitrary Options Update
The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companion_disable_popup function called via an AJAX action. This makes it possible for authenticated attackers, with...
PT-2024-12291 · WordPress · Materialis
Name of the Vulnerable Software and Affected Versions: Materialis theme for WordPress versions up to, and including, 1.1.24 Description: The issue is due to missing authorization checks on the companion disable popup function called via an AJAX action. This allows authenticated attackers, with...
WordPress Materialis theme <= 1.1.24 - Missing Authorization to Limited Arbitrary Options Update vulnerability
Missing Authorization to Limited Arbitrary Options Update vulnerability discovered by Gibran Abdillah in WordPress Theme Materialis versions <= 1.1.24...
WordPress Materialis Theme <= 1.1.24 is vulnerable to Broken Access Control
Software: Materialis | Type: Theme | Vulnerable versions: <= 1.1.24 | Fixed in: 1.1.30 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-3204 | Patch priority: Low | CVSS severity: Low 5.4 | PSID: e1b70e9d38bc | Credits: Gibran Abdillah | Required privilege...
WordPress theme Mesmerize & Materialis security vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. WordPress theme is a theme for WordPress. A security vulnerability exists in the WordPress theme Mesmerize & Materialis, which stems from the fact that...
WordPress Materialis theme <=1.0.172 - Authenticated Options Update vulnerability
Authenticated Options Update vulnerability found by NinTechNet in WordPress Materialis theme versions <=1.0.172. Solution: Update the WordPress Materialis theme to the latest available version, at least 1.0.173...