Unauthorized Modification of Data in Child Theme Creator plugin for WordPress
CVE-2024-12263

4.3MEDIUM

Key Information:

Vendor: Wordpress
Status: Child Theme Creator By Orbisius
Vendor: CVE Published:; 12 December 2024

What is CVE-2024-12263?

The Child Theme Creator by Orbisius plugin for WordPress is susceptible to unauthorized data modification due to a lack of capability checks on the cloud_delete() and cloud_update() functions. This vulnerability enables authenticated attackers, even those with Subscriber-level access, to manipulate cloud snippets, allowing them to perform updates and deletions. This security flaw resides within the Cloud Library Addon connected to the plugin, which has since been withdrawn. Users of affected versions are advised to take immediate precautions to secure their sites.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Child Theme Creator by Orbisius * <= 1.5.5

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2024
Vulnerability Reserved
Dec 5, 2024

Credit

Tieu Pham Trong Nhan

JSON

Wordpress

What is CVE-2024-12263?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.