5 matches found
CVE-2023-46148
CVE-2023-46148 – Themify Ultra (WordPress Theme) \n\nTechnical details from the provided sources indicate a Missing Authorization vulnerability in Themify Ultra (affecting versions up to 7.3.5). The root cause is insufficient access control that allows an authenticated user with subscriber-level ...
CVE-2023-46149
CVE-2023-46149 affects Themify Ultra (WordPress Theme) and is caused by an Unrestricted Upload of File with Dangerous Type in Themify Ultra, impacting versions up to 7.3.5. The vulnerability enables arbitrary file upload, which could lead to remote code execution or full site compromise given an ...
CVE-2023-46146
CVE-2023-46146 relates to Themify Themify Ultra (Theme) with versions up to 7.3.5, where a Missing Authorization/Broken Access Control vulnerability could allow unauthorized access. Public sources indicate the issue affects Themify Ultra through 7.3.5 and that Patchstack lists the fixed version a...
CVE-2023-46145
CVE-2023-46145 is an authenticated privilege escalation in the WordPress theme Themify Ultra. The vulnerability arises from improper privilege management in Themify Ultra versions up to and including 7.3.5, enabling a subscriber-level attacker to escalate privileges. The issue is actively documen...
CVE-2023-46147
CVE-2023-46147 affects Themify Ultra (WordPress theme) up to version 7.3.5. Root cause: deserialization of untrusted data leading to PHP Object Injection. Impact is described as High (C/H/I/H). Patch/mitigation: upgrade to Themify Ultra 7.3.6 or later; Patchstack also notes the fix in 7.3.6. Expl...