- Published on
-
Nov 08, 2014
- Research Description
-
Theme Blvd Sliders [theme-blvd-sliders] < 1.2.4
ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks
The following plugins and themes for WordPress are vulnerable to arbitrary option deletion and user data manipulation: Theme Blvd Shortcodes plugin <= 1.5.2 , Theme Blvd Widget Areas plugin < = 1.2.2, Theme Blvd Layout Builder plugin <= 2.0.1, Theme Blvd Sliders plugin <= 1.2.3, WP Jump Start theme <= 1.2.4, Alyeska theme <= 3.1.4, Akita theme <= 2.1.4, Arcadian Responsive theme <= 2.0.5, Swagger theme <= 2.1.4, Commodore theme <= 3.0.2, and Barely Corporate theme <= 4.1.4. This is due to missing authorization on the themeblvd_clear_options() and themeblvd_disable_nag() functions called via 'admin_init' hooks. This makes it possible for unauthenticated attackers to delete any option from the 'wp_options' table and edit any of their user metadata to 'true.'
- Affected versions
-
Min -, max 1.2.4.
Plugin Security Certification
Join the community of developers who prioritize security. Highlight your plugin in the WordPress catalog.
Get Plugin Security Certificate
| New vulnerability |
|
Redis Object Cache
, Sep 17, 2025
|
|
Zakra
(CVE-2025-8595)
, Sep 15, 2025
|
|
PDF Embedder
, Sep 11, 2025
|
|
Pixeline's Email Protector
(CVE-2025-58982)
, Sep 11, 2025
|
|
Include Me
(CVE-2025-58983)
, Sep 11, 2025
|