Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in 11 ThemeBlvd themes

  • Severity: medium-risk
  • Status: Open
  • Publication: November 8, 2014

The following themes and plugins for WordPress can be exploited by malicious actors. Theme Blvd Shortcodes plugin, Theme Blvd Widget Areas plugin, Theme Blvd Layout Builder plugin, Theme Blvd Sliders plugin, WP Jump Start theme, Alyeska theme, Akita theme, Arcadian Responsive theme, Swagger theme, Commodore theme, and Barely Corporate theme are all vulnerable to unauthorized option deletion and user data manipulation. This vulnerability allows attackers to delete any option from the ‘wp_options’ table and edit any of their user metadata to ‘true’ without having to authenticate.

Detected in:

Akita fixed vulnerable versions: >= * <= 2.1.4
Alyeska fixed vulnerable versions: >= * <= 3.1.4
Arcadian Responsive fixed vulnerable versions: >= * <= 2.0.5
Barely Corporate fixed vulnerable versions: >= * <= 4.1.4
Commodore fixed vulnerable versions: >= * <= 3.0.2
Swagger fixed vulnerable versions: >= * <= 2.1.4
Theme Blvd Layout Builder fixed vulnerable versions: >= * <= 2.0.1
Theme Blvd Shortcodes open vulnerable versions: >= * <= 1.5.2
Theme Blvd Sliders open vulnerable versions: >= * <= 1.2.3
Theme Blvd Widget Areas open vulnerable versions: >= * <= 1.2.2
WP Jump Start open vulnerable versions: >= * <= 1.2.4

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.