CVE-2023-6876

The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the active theme, including to an invalid value which can take down the site.
Configurations

Configuration 1 (hide)

cpe:2.3:a:nayrathemes:clever_fox:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 08:44

Type Values Removed Values Added
References () https://plugins.trac.wordpress.org/browser/clever-fox/trunk/clever-fox.php#L539 - Product () https://plugins.trac.wordpress.org/browser/clever-fox/trunk/clever-fox.php#L539 - Product
References () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3096085%40clever-fox&new=3096085%40clever-fox&sfp_email=&sfph_mail= - Patch () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3096085%40clever-fox&new=3096085%40clever-fox&sfp_email=&sfph_mail= - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/9e1f94d9-8be6-4174-90a5-820c0207a2fa?source=cve - Third Party Advisory () https://www.wordfence.com/threat-intel/vulnerabilities/id/9e1f94d9-8be6-4174-90a5-820c0207a2fa?source=cve - Third Party Advisory

29 Oct 2024, 19:50

Type Values Removed Values Added
CPE cpe:2.3:a:nayrathemes:clever_fox:*:*:*:*:*:wordpress:*:*
References () https://plugins.trac.wordpress.org/browser/clever-fox/trunk/clever-fox.php#L539 - () https://plugins.trac.wordpress.org/browser/clever-fox/trunk/clever-fox.php#L539 - Product
References () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3096085%40clever-fox&new=3096085%40clever-fox&sfp_email=&sfph_mail= - () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3096085%40clever-fox&new=3096085%40clever-fox&sfp_email=&sfph_mail= - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/9e1f94d9-8be6-4174-90a5-820c0207a2fa?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/9e1f94d9-8be6-4174-90a5-820c0207a2fa?source=cve - Third Party Advisory
CWE CWE-862
First Time Nayrathemes clever Fox
Nayrathemes

07 Jun 2024, 14:56

Type Values Removed Values Added
Summary
  • (es) El complemento Clever Fox – One Click Website Importer de Nayra Themes para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función 'clever-fox-activate-theme' en todas las versiones hasta la 25.2.0 incluida. Esto hace posible que atacantes autenticados, con acceso de suscriptor y superior, modifiquen el tema activo, incluso a un valor no válido que puede hacer caer el sitio.

07 Jun 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-07 02:15

Updated : 2024-11-21 08:44


NVD link : CVE-2023-6876

Mitre link : CVE-2023-6876

CVE.ORG link : CVE-2023-6876


JSON object : View

Products Affected

nayrathemes

  • clever_fox
CWE
CWE-862

Missing Authorization