CVE-2019-25142
The Mesmerize & Materialis themes for WordPress are vulnerable to an authenticated options change in versions up to, and including, 1.6.89 (Mesmerize) and 1.0.172 (Materialis). This is because the 'companion_disable_popup' function only checks the nonce while sending user input to the 'update_option' function. This makes it possible for authenticated attackers to change otherwise restricted options.
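The pattern described above (nonce verified, no capability check, request data passed to `update_option`) is shown here beside a hardened handler. This is an added illustration, not the themes' own code: the function names, AJAX action names, nonce action and option allowlist are hypothetical, and the snippet assumes it is loaded by WordPress, for example from a plugin file.

```php
<?php
// Hypothetical handlers illustrating the pattern; not the themes' actual code.

// BEFORE: the nonce shows the request came from a page WordPress rendered for
// this user, but any logged-in user can obtain one. It is not authorization.
function example_disable_popup_vulnerable() {
    check_ajax_referer( 'example_disable_popup' ); // nonce only
    $option = isset( $_POST['option'] ) ? wp_unslash( $_POST['option'] ) : '';
    $value  = isset( $_POST['value'] ) ? wp_unslash( $_POST['value'] ) : '';
    update_option( $option, $value ); // request decides which option is written
    wp_send_json_success();
}
add_action( 'wp_ajax_example_disable_popup_vulnerable', 'example_disable_popup_vulnerable' );

// AFTER: authorize the caller, then write only allowlisted options with
// sanitized values.
function example_disable_popup_hardened() {
    check_ajax_referer( 'example_disable_popup' );

    // Capability check: the step the vulnerable handler lacks.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // Constructed allowlist: option name => sanitizer applied to its value.
    $allowed = array(
        'example_popup_disabled' => 'absint',
    );

    $option = isset( $_POST['option'] ) ? sanitize_key( wp_unslash( $_POST['option'] ) ) : '';
    if ( ! isset( $allowed[ $option ] ) ) {
        wp_send_json_error( array( 'message' => 'Unknown option' ), 400 );
    }

    $raw = isset( $_POST['value'] ) ? wp_unslash( $_POST['value'] ) : '';
    update_option( $option, call_user_func( $allowed[ $option ], $raw ) );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_disable_popup_hardened', 'example_disable_popup_hardened' );
```

The `wp_ajax_` hook already restricts both handlers to logged-in users, which is why the nonce alone does not separate a low-privileged account from an administrator.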
We have discovered 168 live websites that are affected by CVE-2019-25142.
Affected Software
| | |
|---|---|
| Product | Mesmerize |
| Category | WordPress Themes |
| Vulnerable Versions | |
| Total Vulnerable Versions | 54 |
| Vulnerable Domains | 168 live websites (23.33% of Mesmerize install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2019-25142 and the relative popularity of websites.