cleantalk
Vulnerabilities and Security Researches

Theme Blvd Sliders, 35e355420bff6e6fbbf1c55074e47f35e5759ac5

CVE, Research URL

35e355420bff6e6fbbf1c55074e47f35e5759ac5

Home page URL

Security reports for Theme Blvd Sliders

Application

Theme Blvd Sliders

Published on
Nov 08, 2014
Research Description
Theme Blvd Sliders [theme-blvd-sliders] < 1.2.4 ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks The following plugins and themes for WordPress are vulnerable to arbitrary option deletion and user data manipulation: Theme Blvd Shortcodes plugin <= 1.5.2 , Theme Blvd Widget Areas plugin < = 1.2.2, Theme Blvd Layout Builder plugin <= 2.0.1, Theme Blvd Sliders plugin <= 1.2.3, WP Jump Start theme <= 1.2.4, Alyeska theme <= 3.1.4, Akita theme <= 2.1.4, Arcadian Responsive theme <= 2.0.5, Swagger theme <= 2.1.4, Commodore theme <= 3.0.2, and Barely Corporate theme <= 4.1.4. This is due to missing authorization on the themeblvd_clear_options() and themeblvd_disable_nag() functions called via 'admin_init' hooks. This makes it possible for unauthenticated attackers to delete any option from the 'wp_options' table and edit any of their user metadata to 'true.'
Affected versions
Min -, max 1.2.4.
Status
vulnerable
Previous vulnerability researches
Theme Blvd Sliders (CVE-2025-46456) , May 07, 2025
Theme Blvd Sliders (35e355420bff6e6fbbf1c55074e47f35e5759ac5) , Jun 07, 2024
New vulnerability
Crossword Compiler Puzzles (CVE-2025-46493) , May 08, 2025
Frontend Dashboard (CVE-2025-4104) , May 08, 2025
Icegram Express – Email Marketing, Newsletters and Automation for WordPress &amp; WooCommerce (CVE-2025-0671) , May 08, 2025
Pods &#8211; Custom Content Types and Fields (CVE-2025-1446) , May 08, 2025
WP-Recall &#8211; Registration, Profile, Commerce &amp; More (CVE-2024-9771) , May 08, 2025