CVE-2023-3204 – Materialis <= 1.1.24 - Missing Authorization to Limited Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2023-3204
The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companion_disable_popup() function called via an AJAX action. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to modify any option on the site to a numerical value. El tema Materialis para WordPress es vulnerable a actualizaciones limitadas de opciones arbitrarias en versiones hasta la 1.1.24 incluida. Esto se debe a que faltan comprobaciones de autorización en la función complementario_disable_popup() llamada mediante una acción AJAX. • https://themes.trac.wordpress.org/browser/materialis/1.1.20/inc/companion.php#L45 https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=231816%40materialis&new=231816%40materialis&sfp_email=&sfph_mail=#file6 https://www.wordfence.com/threat-intel/vulnerabilities/id/a2e05094-8344-4388-a703-518daf3d2948?source=cve • CWE-862: Missing Authorization •
CVE-2019-25142 – Mesmerize <= 1.6.89 & Materialis <= 1.0.172 - Authenticated Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2019-25142
The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 (Mesmerize) and 1.0.172 (Materialis). This is due to 'companion_disable_popup' function only checking the nonce while sending user input to the 'update_option' function. This makes it possible for authenticated attackers to change otherwise restricted options. • https://blog.nintechnet.com/wordpress-mesmerize-and-materialis-themes-fixed-an-authenticated-options-change-vulnerability https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=121290%40materialis&new=121290%40materialis&sfp_email=&sfph_mail= https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=121291%40mesmerize&new=121291%40mesmerize&sfp_email=&sfph_mail= https://wordpress.org/themes/materialis https://wordpress.org/themes/mesmerize https://wpscan.com/vu • CWE-862: Missing Authorization •