ElegantThemes - Privilege Escalation



Description
Users were sent an email regarding a security issue and requesting them to update.

Affects Plugins

fixed in version 1.1.1
fixed in version 1.2.7
fixed in version 1.2.4

Affects Themes

fixed in version 2.6.4
fixed in version 1.2.4

References

URL http://www.pritect.net/blog/elegant-themes-security-vulnerability
URL http://wptavern.com/critical-security-vulnerability-discovered-in-elegant-themes-products

Classification

Type PRIVESC
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-269

Miscellaneous

Submitter ethicalhack3r
Submitter Website https://dewhurstsecurity.com/
Submitter Twitter ethicalhack3r
Views 13899
Verified No
WPVDB ID 8394

Timeline

Publicly Published 2016-02-18 (over 3 years ago)
Added 2016-02-18 (over 3 years ago)
Last Updated 2018-08-29 (about 1 year ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin