Home » Vulnerabilities » Input validation vulnerability in Customizr 4.3.0

Latest

Input validation vulnerability in Customizr 4.3.0

CVE-2020-36755

Severity: medium-risk
Status: Fixed
Publication: September 26, 2020

The Customizr theme for WordPress has a vulnerability in versions up to and including 4.3.0. This vulnerability allows unauthenticated attackers to manipulate data and settings on the site if they can trick a site administrator into clicking a malicious link. This is possible because the theme does not properly validate the security measures (known as “nonces”) that are in place to protect against this kind of attack.

Detected in:

Customizr fixed vulnerable versions: >= * <= 4.3.0

Open source

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

Incorrect?

Is this information incorrect? Please leave us a message.

Latest

Configuring Really Simple Security with WP-CLI

How to Fix The “Link you followed has Expired” error on WordPress

404 not found errors

Protecting site visitors with Security Headers

Hardening your website’s security

Input validation vulnerability in Customizr 4.3.0

Detected in:

Join our mailing list - 6 Tips & Tricks in your inbox over the next days!

Plugins

Get Started

About

Popular articles

Latest

Passkeys: no need for Limit Login Attempts?

Configuring Really Simple Security with WP-CLI

How to Fix The “Link you followed has Expired” error on WordPress

404 not found errors

Protecting site visitors with Security Headers

Hardening your website’s security

Input validation vulnerability in Customizr 4.3.0

Detected in: