The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to unauthorized plugin activation and deactivation. The cause is that the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file lack capability checks and nonce verification. As a result, unauthenticated malicious users can activate and deactivate arbitrary plugins installed on a vulnerable site.
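
The capability and nonce checks named above, shown in a hardened plugin-toggle handler as an added example (not code from the affected themes). The AJAX registration, the action name `example_toggle_plugin` and the `nonce`, `plugin` and `mode` request fields are assumptions made for illustration, and the code assumes it is loaded inside WordPress.

```php
<?php
// Added example: hypothetical names, not code from the affected themes.
// Assumes it is loaded inside WordPress (for instance from a theme file).

// Register for logged-in users only: no wp_ajax_nopriv_ counterpart.
add_action( 'wp_ajax_example_toggle_plugin', 'example_toggle_plugin' );

function example_toggle_plugin() {
	// 1. Nonce: rejects forged cross-site requests. The admin page that renders
	//    the button must emit wp_create_nonce( 'example_toggle_plugin' ).
	if ( ! check_ajax_referer( 'example_toggle_plugin', 'nonce', false ) ) {
		wp_send_json_error( 'Invalid nonce.', 403 );
	}

	// 2. Capability: only users allowed to manage plugins may proceed.
	if ( ! current_user_can( 'activate_plugins' ) ) {
		wp_send_json_error( 'Insufficient permissions.', 403 );
	}

	// 3. Input: accept only an explicit mode and a plugin that is installed.
	require_once ABSPATH . 'wp-admin/includes/plugin.php';
	$mode   = isset( $_POST['mode'] ) ? sanitize_key( wp_unslash( $_POST['mode'] ) ) : '';
	$plugin = isset( $_POST['plugin'] ) ? sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) : '';
	if ( ! in_array( $mode, array( 'activate', 'deactivate' ), true ) ) {
		wp_send_json_error( 'Unknown mode.', 400 );
	}
	if ( ! array_key_exists( $plugin, get_plugins() ) ) {
		wp_send_json_error( 'Unknown plugin.', 400 );
	}

	// 4. Act on the validated values only.
	if ( 'activate' === $mode ) {
		$result = activate_plugin( $plugin );
		if ( is_wp_error( $result ) ) {
			wp_send_json_error( $result->get_error_message(), 500 );
		}
	} else {
		deactivate_plugins( $plugin );
	}

	wp_send_json_success(
		array(
			'plugin' => $plugin,
			'active' => is_plugin_active( $plugin ),
		)
	);
}
```
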
Vulnerable Product |
---|
machothemes naturemag lite |
machothemes antreas |
colorlib bonkers |
cpothemes affluent |
cpothemes transcend |
machothemes regina lite |
cpothemes brilliance |
machothemes medzone lite |
colorlib pixova lite |
colorlib newspaper x |
cpothemes allegiant |
colorlib illdy |
colorlib activello |
machothemes newsmag |
colorlib shapely |