Fraction Theme <= 1.1.1 - Privilege Escalation via CSRF



Description
This vulnerability allows an attacker to escalate privileges on the site and have an admin account which may lead to a full site takeover.

Affects Theme

no known fix

References

PacketStorm 130738
URL https://web.archive.org/web/20150324084929/https://research.evex.pw/?vuln=8
URL https://themeforest.net/item/fraction-multipurpose-news-magazine-theme/8655281

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Submitter Abdallah Samman
Submitter Twitter Evex_1337
Views 6915
Verified No
WPVDB ID 7840

Timeline

Publicly Published 2015-03-10 (over 5 years ago)
Added 2015-03-10 (over 5 years ago)
Last Updated 2019-10-21 (9 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin