Vulnerabilities and security researches fortheme-blvd-sliders theme-blvd-sliders

Jun 07, 2024

CVE, Research URL: 35e355420bff6e6fbbf1c55074e47f35e5759ac5
Home page URL: Security reports for Theme Blvd Sliders
Application: Theme Blvd Sliders
Date: Nov 08, 2014
Research Description: Theme Blvd Sliders [theme-blvd-sliders] < 1.2.4 ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks The following plugins and themes for WordPress are vulnerable to arbitrary option deletion and user data manipulation: Theme Blvd Shortcodes plugin <= 1.5.2 , Theme Blvd Widget Areas plugin < = 1.2.2, Theme Blvd Layout Builder plugin <= 2.0.1, Theme Blvd Sliders plugin <= 1.2.3, WP Jump Start theme <= 1.2.4, Alyeska theme <= 3.1.4, Akita theme <= 2.1.4, Arcadian Responsive theme <= 2.0.5, Swagger theme <= 2.1.4, Commodore theme <= 3.0.2, and Barely Corporate theme <= 4.1.4. This is due to missing authorization on the themeblvd_clear_options() and themeblvd_disable_nag() functions called via 'admin_init' hooks. This makes it possible for unauthenticated attackers to delete any option from the 'wp_options' table and edit any of their user metadata to 'true.'
Affected versions: Min -, max -.
Status: vulnerable

May 07, 2025

CVE, Research URL: CVE-2025-46456
Home page URL: Security reports for Theme Blvd Sliders
Application: Theme Blvd Sliders
Date: -
Research Description: Theme Blvd Sliders [theme-blvd-sliders] <= 1.2.5 (unfixed) CVE-2025-46456
Affected versions: Min -, max -.
Status: vulnerable