CVE-2024-1047

CWE-862 — Missing Authorization4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 56.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Optimole Optimole – Optimize Images IN Real Time Optimole Super Page Cache Rsocial Revive Social – Social Media Auto Post AND Scheduling Automation Plugin +6 more

Timeline

PublishedFeb 2

Latest updateApr 11

Description

Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in various versions. This makes it possible for unauthenticated attackers to update options values that allow ThemeIsle to track promotional activities via utm_source.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages9 packages

▶CVEListV5themeisle/multiple_page_generator_plugin_–_mpg3.4.0

▶CVEListV5themeisle/visualizer:_tables_and_charts_manager_for_wordpress3.10.6

▶NVDthemeisle/orbit_fox2.10.28

▶CVEListV5themeisle/menu_icons_by_themeisle0.13.8

▶CVEListV5themeisle/starter_sites_&_templates_by_neve1.2.6

Patches

Patch: plugins.trac.wordpress.org ↗Patch: plugins.trac.wordpress.org ↗Patch: plugins.trac.wordpress.org ↗

🔴Vulnerability Details

VulDB

ThemeIsle Orbit Fox Plugin up to 2.10.28 on WordPress authorization (ID 3029507)↗2026-04-11

▶

GHSA

GHSA-f527-jggh-c37w: The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_r↗2024-02-02

▶

CVEList

ThemeIsle SDK <= Various Versions - Missing Authorization↗2024-02-02

▶