Log out
Get PRO

Latest

Access violation vulnerability in ThemeIsle SDK (12 plugins affected)

  • Severity: medium-risk
  • Status: Fixed
  • Publication: February 1, 2024

The ThemeIsle SDK created by ThemeIsle, has a security vulnerability that allows unauthorized individuals to change data without permission. This is because there is no check in place to verify permission on the register_reference() function in all versions up to 2.10.28. This means that attackers who are not logged in can potentially change the API keys that are connected to the plugin. Twelve different plugins were affected by this.

Detected in:

Cloud Templates & Patterns collection fixed vulnerable versions: >= * <= 1.2.6
Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF fixed vulnerable versions:
Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF, Optimize Images fixed vulnerable versions:
LightStart – Maintenance Mode, Coming Soon and Landing Page Builder fixed vulnerable versions: >= * <= 2.6.9
Multiple Page Generator Plugin – MPG fixed vulnerable versions: >= * <= 3.4.0
Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization fixed vulnerable versions:
Optimole – Optimize images | WebP, AVIF, CDN and Lazy Load fixed vulnerable versions:
Orbit Fox by ThemeIsle fixed vulnerable versions: >= * <= 2.10.28
Orbit Fox Extra Modules: Duplicate Page, Menu Icons, SVG Support, Cookie Notice & More fixed vulnerable versions:
Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More fixed vulnerable versions:
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE fixed vulnerable versions:
PPOM – Product Addons & Custom Fields for WooCommerce fixed vulnerable versions:
Product Addons & Fields for WooCommerce fixed vulnerable versions: >= * <= 32.0.9
Revive Old Posts – Social Media Auto Post and Scheduling Automation Plugin fixed vulnerable versions:
Revive Social – Social Media Auto Post and Scheduling Automation Plugin fixed vulnerable versions:
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator fixed vulnerable versions:
Starter Sites & Templates by Neve fixed vulnerable versions:
Super Page Cache fixed vulnerable versions: >= * <= 4.7.5
Visualizer: Tables and Charts Manager for WordPress fixed vulnerable versions: >= * <= 3.10.6

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.