Themes Vulnerabilities

Themify Ultra < 7.3.6 - Privilege Escalation

Description

The themify-ultra theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.3.3. This makes it possible for low-level attackers with subscriber-level access to elevate their privileges.

Affects Themes

themify-ultra
Fixed in 7.3.6

References

CVE
CVE-2023-46145
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/cc994b2a-b3da-4edc-ada3-1150065efd30

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
8.8 (High)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
67d2d2b1-9e73-4231-ad32-d61b0c8c1251

Timeline

Publicly Published
2023-10-17 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2023-11-28 (about 2 years ago)

Other

Published
Title
Published
2019-08-05
Title
ND Booking < 2.5 - Unauthenticated Options Change
Published
2022-12-01
Title
ARMember < 5.6 - Unauthenticated Privilege Escalation
Published
2025-09-20
Title
Simple User Registration <= 6.4 - Authenticated (Contributor+) Privilege Escalation
Published
2019-07-31
Title
ND Shortcodes For Visual Composer < 6.0 - Unauthenticated WP Options Update
Published
2023-05-11
Title
Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation