Fraction Theme <= 1.1.1 - Privilege Escalation via CSRF



Description
This vulnerability allows an attacker to escalate privileges on the site and obtain an admin account, which may lead to a full site takeover.

Affects Theme

References

PACKETSTORM 130738
URL http://web.archive.org/web/20150324084929/http://research.evex.pw/?vuln=8
URL http://themeforest.net/item/fraction-multipurpose-news-magazine-theme/8655281

Classification

Type CSRF
OWASP Top 10 A8: Cross-Site Request Forgery (CSRF)
CWE CWE-352

Miscellaneous

Submitter Abdallah Samman
Submitter Twitter Evex_1337
Views 1023
Verified No
WPVDB ID 7840

Timeline

Publicly Published 2015-03-10
Added 2015-03-10
Last Updated 2016-04-24

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.