CVE-2023-3204 – Materialis <= 1.1.24 - Missing Authorization to Limited Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2023-3204
The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companion_disable_popup() function called via an AJAX action. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to modify any option on the site to a numerical value. El tema Materialis para WordPress es vulnerable a actualizaciones limitadas de opciones arbitrarias en versiones hasta la 1.1.24 incluida. Esto se debe a que faltan comprobaciones de autorización en la función complementario_disable_popup() llamada mediante una acción AJAX. • https://themes.trac.wordpress.org/browser/materialis/1.1.20/inc/companion.php#L45 https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=231816%40materialis&new=231816%40materialis&sfp_email=&sfph_mail=#file6 https://www.wordfence.com/threat-intel/vulnerabilities/id/a2e05094-8344-4388-a703-518daf3d2948?source=cve • CWE-862: Missing Authorization •
CVE-2022-4762 – Materialis Companion < 1.3.40 - Contributor+ Stored XSS via Shortcode
https://notcve.org/view.php?id=CVE-2022-4762
The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown shortcode in versions up to, and including, 1.3.39 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/4500566a-e5f2-40b8-a185-2bcace221b4e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-25142 – Mesmerize <= 1.6.89 & Materialis <= 1.0.172 - Authenticated Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2019-25142
The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 (Mesmerize) and 1.0.172 (Materialis). This is due to 'companion_disable_popup' function only checking the nonce while sending user input to the 'update_option' function. This makes it possible for authenticated attackers to change otherwise restricted options. • https://blog.nintechnet.com/wordpress-mesmerize-and-materialis-themes-fixed-an-authenticated-options-change-vulnerability https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=121290%40materialis&new=121290%40materialis&sfp_email=&sfph_mail= https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=121291%40mesmerize&new=121291%40mesmerize&sfp_email=&sfph_mail= https://wordpress.org/themes/materialis https://wordpress.org/themes/mesmerize https://wpscan.com/vu • CWE-862: Missing Authorization •