CVE-2024-33686 – Broken Access Control vulnerability affecting multiple WordPress themes by Extend Themes

https://notcve.org/view.php?id=CVE-2024-33686

Missing Authorization vulnerability in Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Vertice.This issue affects Pathway: from n/a through 1.0.15; Hugo WP: from n/a through 1.0.8; Althea WP: from n/a through 1.0.13; Elevate WP: from n/a through 1.0.15; Brite: from n/a through 1.0.11; Colibri WP: from n/a through 1.0.94; Vertice: from n/a through 1.0.7. Vulnerabilidad de autorización faltante en Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Vertice. Este problema afecta a Pathway: desde n/a hasta 1.0.15; Hugo WP: desde n/a hasta 1.0.8; Althea WP: desde n/a hasta 1.0.13; Elevar WP: desde n/a hasta 1.0.15; Brite: desde n/a hasta 1.0.11; Colibri WP: desde n/a hasta 1.0.94; Vertice: desde n/a hasta 1.0.7. The ColibriWP Theme framework used by multiple themes for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_plugin' AJAX action in various versions. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary plugins. • https://patchstack.com/database/vulnerability/althea-wp/wordpress-althea-wp-theme-1-0-13-broken-access-control-vulnerability https://patchstack.com/database/vulnerability/brite/wordpress-brite-theme-1-0-11-broken-access-control-vulnerability https://patchstack.com/database/vulnerability/colibri-wp/wordpress-colibri-wp-theme-1-0-94-broken-access-control-vulnerability https://patchstack.com/database/vulnerability/elevate-wp/wordpress-elevate-wp-theme-1-0-15-broken-access-control-vulnerability https://patchstack.com/database/vulnerab • CWE-862: Missing Authorization •