2 matches found
CVE-2023-6876 Clever Fox – One Click Website Importer by Nayra Themes <= 25.2.0 - Missing Authorization to arbitrary theme activation via clever-fox-activate-theme
The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated...
CVE-2023-6876
CVE-2023-6876 (Clever Fox – One Click Website Importer) is an authenticated-actor vulnerability in the Clever Fox WordPress plugin where a missing capability check on clever-fox-activate-theme allows users with subscriber+ privileges to modify the active theme (incl. to an invalid value) in versi...