CVE-2024-1047
published 2024-02-02

CVE-2024-1047: Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing capability check on…

Priority: P4 29
Severity: medium, 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.56% (42.3th percentile)
Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in various versions. This makes it possible for unauthenticated attackers to update options values that allow ThemeIsle to track promotional activities via utm_source.

Affected

9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| optimole | optimole_optimize_images_in_real_time | <= 3.12.4 | |
| optimole | super_page_cache | <= 4.7.5 | |
| rsocial | revive_social_social_media_auto_post_and_scheduling_automation_plugin | <= 9.0.25 | |
| themeisle | menu_icons_by_themeisle | <= 0.13.8 | |
| themeisle | multiple_page_generator_plugin_mpg | <= 3.4.0 | |
| themeisle | orbit_fox | <= 2.10.28 | |
| themeisle | ppom_product_addons_custom_fields_for_woocommerce | <= 32.0.9 | |
| themeisle | starter_sites_templates_by_neve | <= 1.2.6 | |
| themeisle | visualizer_tables_and_charts_manager_for_wordpress | <= 3.10.6 | |