21 matches found
CVE-2024-1388
The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...
CVE-2024-1943
The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the themes settings via ...
CVE-2024-1943
The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the themes settings via ...
CVE-2024-1943
The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the themes settings via ...
CVE-2024-1388
The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...
Design/Logic Flaw
The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...
Cross site request forgery (csrf)
The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the themes settings via ...
CVE-2024-1943 Yuki <= 1.3.14 - Cross-Site Request Forgery to Theme Setting Reset
The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the themes settings via ...
CVE-2024-1943 Yuki <= 1.3.14 - Cross-Site Request Forgery to Theme Setting Reset
The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the themes settings via ...
CVE-2024-1943
CVE-2024-1943 affects the Yuki WordPress theme (up to version 1.3.14). The vulnerability is a Cross-Site Request Forgery due to missing/incorrect nonce validation in reset_customizer_options, allowing unauthenticated attackers to reset theme settings if they can lure an admin to click a forged li...
CVE-2024-1388 Yuki <= 1.3.13 - Missing Authorization to Authenticated (Subscriber+) Theme Setting Reset
The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...
CVE-2024-1388
CVE-2024-1388 affects the Yuki WordPress theme. Root cause: missing capability check in reset_customizer_options(), affecting all versions up to and including 1.3.13. Impact: authenticated users with subscriber+ can reset the theme settings, enabling unauthorized modification of data. Remediation...
CVE-2024-1388 Yuki <= 1.3.13 - Missing Authorization to Authenticated (Subscriber+) Theme Setting Reset
The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...
WordPress Yuki Theme <= 1.3.14 is vulnerable to Cross Site Request Forgery (CSRF)
Software Yuki Type Theme Vulnerable versions = 1.3.14 Fixed in 1.3.15 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1943 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d0c2045710bf Credits Lucio Sá Required privilege...
WordPress Yuki Theme <= 1.3.13 is vulnerable to Broken Access Control
Software Yuki Type Theme Vulnerable versions = 1.3.13 Fixed in 1.3.14 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1388 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bc04919f893e Credits Lucio Sá Required privilege Subscriber...
WordPress Theme Yuki Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-18439 · WordPress · Yuki Theme
Name of the Vulnerable Software and Affected Versions: Yuki theme for WordPress versions up to, and including 1.3.14 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the reset customizer options function. This allows unauthenticated...
Yuki < 1.3.15 - Cross-Site Request Forgery to Theme Setting Reset
Description The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the themes...
PT-2024-18000 · WordPress · Yuki Theme
Name of the Vulnerable Software and Affected Versions: Yuki theme for WordPress versions up to, and including, 1.3.13 Description: The issue allows authenticated attackers with subscriber-level access and above to reset the theme's settings due to a missing capability check on the reset customize...
Yuki < 1.3.14 - Missing Authorization to Authenticated (Subscriber+) Theme Setting Reset
Description The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and...