CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3204 – Materialis <= 1.1.24 - Missing Authorization to Limited Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2023-3204
19 Jun 2024 — The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companion_disable_popup() function called via an AJAX action. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to modify any option on the site to a numerical value. El tema Materialis para WordPress es vulnerable a actualizaciones limitadas de opciones arbitrarias en versiones hasta... • https://themes.trac.wordpress.org/browser/materialis/1.1.20/inc/companion.php#L45 • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4762 – Materialis Companion < 1.3.40 - Contributor+ Stored XSS via Shortcode
https://notcve.org/view.php?id=CVE-2022-4762
13 Jan 2023 — The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown shortcode in versions up to, and including, 1.3.39 due to insufficient input ... • https://wpscan.com/vulnerability/4500566a-e5f2-40b8-a185-2bcace221b4e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2019-25142 – Mesmerize <= 1.6.89 & Materialis <= 1.0.172 - Authenticated Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2019-25142
02 Dec 2019 — The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 (Mesmerize) and 1.0.172 (Materialis). This is due to 'companion_disable_popup' function only checking the nonce while sending user input to the 'update_option' function. This makes it possible for authenticated attackers to change otherwise restricted options. • https://blog.nintechnet.com/wordpress-mesmerize-and-materialis-themes-fixed-an-authenticated-options-change-vulnerability • CWE-862: Missing Authorization •