Vulnerabilities and security researches forcustomizr customizr

Jun 10, 2024

CVE, Research URL: CVE-2020-36755
Home page URL: Security reports for Customizr
Application: Customizr
Date: Oct 20, 2023
Research Description: The Customizr theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the czr_fn_post_fields_save() function. This makes it possible for unauthenticated attackers to post fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Jun 11, 2024

CVE, Research URL: 4d15f3e020ee609002ba00903887071cdb06aaac
Home page URL: Security reports for Customizr
Application: Customizr
Date: Sep 16, 2020
Research Description: Customizr [customizr] < 4.3.3 WordPress Customizr theme <= 4.3.2 - Cross-Site Request Forgery (CSRF) vulnerability Cross-Site Request Forgery (CSRF) vulnerability found by Jerome Bruandet (NinTechNet) in WordPress Customizr theme (versions <= 4.3.2).
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: -
Home page URL: Security reports for Customizr
Application: Customizr
Date: Jun 07, 2023
Research Description: Rejected reason: CVE split into individual CVE IDs for each software record.
Affected versions: Min -, max -.
Status: vulnerable

Jun 22, 2024

CVE, Research URL: CVE-2024-35771
Home page URL: Security reports for Customizr
Application: Customizr
Date: Jun 21, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Customizr.This issue affects Customizr: from n/a through 4.4.21.
Affected versions: Min -, max -.
Status: vulnerable