CVE-2019-25142
The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 (Mesmerize) and 1.0.172 (Materialis). This is due to 'companion_disable_popup' function only checking the nonce while sending user input to the 'update_option' function. This makes it possible for authenticated attackers to change otherwise restricted options.
We have discovered 168 live websites that are affected by CVE-2019-25142.
Affected Software
| Product | |
| Category | Wordpress Themes |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 54 |
| Vulnerable Domains | 168 live websites (23.33% of Mesmerize install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2019-25142 and the relative popularity of websitesDetails
- Published - Jun 7, 2023
- Updated - Jun 7, 2023
Credits
- Jerome Bruandet (finder)
CVE References
CWE References
Countries
 United States | 35 websites |
 Germany | 33 websites |
 GB | 12 websites |
 Italy | 10 websites |
 France | 9 websites |
 Poland | 9 websites |
 Russia | 8 websites |
 Denmark | 6 websites |
 Spain | 6 websites |
 Brazil | 4 websites |
TLDs
| .com | 49 websites |
| .de | 24 websites |
| .org | 16 websites |
| .pl | 6 websites |
| .it | 6 websites |
| .net | 5 websites |
| .co.uk | 5 websites |
| .ru | 5 websites |
| .dk | 5 websites |
| .eu | 4 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2019-25142 through included software libraries and plugins.References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8c9c3302-47cd-4dbe-b79e-5e6032928074?source=cve
- https://blog.nintechnet.com/wordpress-mesmerize-and-materialis-themes-fixed-an-authenticated-options-change-vulnerability/
- https://wpscan.com/vulnerability/e4d70f03-69d5-4cca-8300-985f68d19ddc
- https://wordpress.org/themes/mesmerize/
- https://wordpress.org/themes/materialis/
- https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=121291%40mesmerize&new=121291%40mesmerize&sfp_email=&sfph_mail=
- https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=121290%40materialis&new=121290%40materialis&sfp_email=&sfph_mail=
Websites affected by CVE-2019-25142
Top websites that are affected by CVE-2019-25142. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******************.de | Germany | **,*** | |
| ******.info | Russia | ***,*** | |
| **********.com | United States | ***,*** | |
| ***************.org | United States | ***,*** | |
| ***********.com | United States | ***,*** | |
| ***.************.de | Germany | ***,*** | |
| ***********.com | United States | ***,*** | |
| ***.********************.de | Germany | ***,*** | |
| ***.md |  Moldova | ***,*** | |
| ****************.com | GB | ***,*** |