#VU30741 Improper Privilege Management in Extra


Published: 2019-09-20 | Updated: 2020-07-17

Vulnerability identifier: #VU30741

Vulnerability risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-11002

CWE-ID: CWE-269

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Extra
Web applications / Modules and components for CMS

Vendor: Elegant Themes

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Extra: 1.2.1 - 1.2.2

External links
http://www.pritect.net/blog/elegant-themes-security-vulnerability
http://wptavern.com/critical-security-vulnerability-discovered-in-elegant-themes-products

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Improper Privilege Management in Extra