Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in TemplateSpare: Quick & Easy WordPress Site Builder – 475+ Ready-Made Demos for News, Blogs, eCommerce, and More. One-Click Import, No Coding Needed 2.4.2

  • Severity: medium-risk
  • Status: Fixed
  • Publication: August 2, 2024

The TemplateSpare plugin for WordPress, used to quickly build websites with pre-made templates, has a security vulnerability that could allow hackers to make changes without permission. This issue affects all versions up to 2.4.2 and allows attackers with a certain level of access to activate any theme and view its status. Even if the chosen theme is not actually installed, the site will be left without any theme features.

Detected in:

TemplateSpare – 1000+ WordPress Starter Templates & Full Site Migration Tool | 1-Click Import/Export & No-Code Builder fixed vulnerable versions:
TemplateSpare – 1000+ WordPress Starter Templates for Blogs, News, eCommerce & More | 1-Click Demo Import, No-Code Site Builder fixed vulnerable versions:
TemplateSpare: Build Stunning WordPress Sites Fast – 1000+ News, Blog, eCommerce & Magazine Templates. One-Click Import, Fully Customizable with Gutenberg & Elementor, No Coding Needed. fixed vulnerable versions:
TemplateSpare: Quick & Easy WordPress Site Builder – 475+ Ready-Made Demos for News, Blogs, eCommerce, and More. One-Click Import, No Coding Needed fixed vulnerable versions: >= * <= 2.4.2

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.