Themes Vulnerabilities

Thrive Theme Builder < 3.24.0 - Missing Authorization

Description

The theme is vulnerable to unauthorized use of functionality due to missing capability check in one of its functions. This makes it possible for authenticated attackers, with subscriber-level access and above, to invoke this function intended for higher-privileged users. The exact impact of this vulnerability is not known.

Affects Themes

thrive-theme
Fixed in 3.24.0

References

CVE
CVE-2023-47783
URL
https://patchstack.com/database/vulnerability/thrive-theme/wordpress-thrive-theme-builder-theme-3-20-1-multiple-authenticated-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
8.3 (high)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
67066e13-e07f-4fb6-b5c2-6c9cf1b36b7c

Timeline

Publicly Published
2023-11-14 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2023-12-07 (about 2 years ago)

Other

Published
Title
Published
2023-12-27
Title
WooCommerce Product Vendors < 2.2.2 - Missing Authorization
Published
2024-10-21
Title
iBryl Switch User <= 1.0.1 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
Published
2024-01-03
Title
WooCommerce Conversion Tracking < 2.0.12 - Subscriber+ happy-elementor-addons Installation & Activation
Published
2025-08-11
Title
Simple Local Avatars < 2.8.5 - Missing Authorization to Authenticated (Subscriber+) Avatar Migration
Published
2024-04-05
Title
Church Admin < 4.1.7 - Missing Authorization