Missing Authorization Vulnerability Affects Themify Ultra
CVE-2023-46148

8.8HIGH

Key Information:

Vendor: WordPress
Status: Themify Ultra
Vendor: CVE Published:; 19 June 2024

Summary

A security vulnerability exists in Themify Ultra, where missing authorization controls may allow unauthorized users to execute arbitrary actions, leading to configuration changes and potential exposure of sensitive data. This issue significantly affects the integrity of the website utilizing Themify Ultra versions up to 7.3.5, emphasizing the need for immediate attention from website administrators.

Affected Version(s)

Themify Ultra <= 7.3.5

References

https://patchstack.com/database/vulnerability/themify-ult...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 19, 2024
Vulnerability Reserved
Oct 17, 2023

Credit

Rafie Muhammad (Patchstack)