WordPress Plugin Vulnerabilities

WP Child Theme Generator < 1.1.2 - Missing Authorization to Unauthenticated Child Theme Creation/Activation

Description

The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child theme and activate it cause the site to whitescreen.

Affects Plugins

References

Classification

Type
NO AUTHORISATION
CWE

Miscellaneous

Original Researcher
Lucio Sá
Verified
No

Timeline

Publicly Published
2024-06-20 (about 2 years ago)
Added
2024-06-20 (about 2 years ago)
Last Updated
2024-06-21 (about 2 years ago)

Other