cleantalk
Vulnerabilities and Security Researches

Yuki, CVE-2024-1388

CVE, Research URL

CVE-2024-1388

Home page URL

Security reports for Yuki

Application

Yuki

Published on
Feb 28, 2024
Research Description
The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options() function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset the theme's settings.
Affected versions
max 1.3.14.
Status
vulnerable
Previous vulnerability researches
Yuki (CVE-2023-33999) , Jun 14, 2026
Yuki (f4d60c1247dfd2dcef2e7f7c40df2f7b743e04f8) , Jun 11, 2024
Yuki (CVE-2024-1388) , Jun 10, 2024
Yuki (CVE-2024-1943) , Jun 10, 2024
New vulnerability
FAQ Manager For Divi, Gutenberg Block & Shortcode (CVE-2023-33999) , Jun 14, 2026
TablePress – Tables in WordPress made easy (CVE-2023-33999) , Jun 14, 2026
Docket Cache – Object Cache Accelerator (CVE-2026-22492) , Jun 14, 2026
Advanced Classifieds & Directory Pro (CVE-2023-33999) , Jun 14, 2026
Display Eventbrite Events (CVE-2023-33999) , Jun 14, 2026