ElegantThemes - Privilege Escalation



Description
Users were sent an email about a security issue, asking them to update.

Affects Plugins

fixed in version 1.1.1
- plugin closed
fixed in version 1.2.7
fixed in version 1.2.4

Affects Themes

fixed in version 2.6.4
fixed in version 1.2.4

References

CVE 2016-11002
CVE 2016-11003
CVE 2016-11004
URL http://www.pritect.net/blog/elegant-themes-security-vulnerability
URL http://wptavern.com/critical-security-vulnerability-discovered-in-elegant-themes-products

Classification

Type PRIVESC
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-269

Miscellaneous

Submitter ethicalhack3r
Submitter Website https://dewhurstsecurity.com/
Submitter Twitter ethicalhack3r
Views 17840
Verified No
WPVDB ID 8394

Timeline

Publicly Published 2016-02-18 (over 4 years ago)
Added 2016-02-18 (over 4 years ago)
Last Updated 2019-11-28 (7 months ago)
