Themes Vulnerabilities

Thrive Theme Builder < 3.24.0 - Subscriber+ Privilege Escalation

Description

The them is vulnerable to privilege escalation, allowing any authenticated users, such as subscribers to elevate their privileges.

Affects Themes

thrive-theme
Fixed in 3.24.0

References

CVE
CVE-2023-47782
URL
https://patchstack.com/database/vulnerability/thrive-theme/wordpress-thrive-theme-builder-theme-3-20-1-authenticated-privilege-escalation-vulnerability

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
fd577f28-c01e-493c-8659-5e566002cb7b

Timeline

Publicly Published
2023-11-14 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2023-12-07 (about 2 years ago)

Other

Published
Title
Published
2019-09-07
Title
Search Exclude < 1.2.4 - Arbitrary Settings Change
Published
2025-04-23
Title
My Tickets – Accessible Event Ticketing < 2.0.17 - Authenticated (Subscriber+) Privilege Escalation
Published
2025-03-13
Title
Realteo - Real Estate Plugin by Purethemes < 1.2.9 - Authentication Bypass via 'do_register_user'
Published
2026-02-14
Title
Ecwid by Lightspeed Ecommerce Shopping Cart < 7.0.8 - Subscriber+ Privilege Escalation
Published
2025-09-20
Title
Dokan < 4.1.4 - Shop Manager+ Privilege Escalation