๐Ÿ” CVE Alert

CVE-2024-1047

MEDIUM 5.3

ThemeIsle SDK <= Various Versions - Missing Authorization

CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th

Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in various versions. This makes it possible for unauthenticated attackers to update options values that allow ThemeIsle to track promotional activities via utm_source.

CWE CWE-862
Vendor themeisle
Product menu icons by themeisle
Published Feb 2, 2024
Last Updated Apr 8, 2026
Stay Ahead of the Next One

Get instant alerts for themeisle menu icons by themeisle

Be the first to know when new medium vulnerabilities affecting themeisle menu icons by themeisle are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

themeisle / Menu Icons by ThemeIsle
0 โ‰ค 0.13.8
themeisle / Starter Sites & Templates by Neve
0 โ‰ค 1.2.6
themeisle / Otter Blocks โ€“ Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
0 โ‰ค 2.6.2
themeisle / LightStart โ€“ Maintenance Mode, Coming Soon and Landing Page Builder
0 โ‰ค 2.6.9
themeisle / Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More
0 โ‰ค 2.10.28
themeisle / Multiple Page Generator Plugin โ€“ MPG
0 โ‰ค 3.4.0
themeisle / Visualizer: Tables and Charts Manager for WordPress
0 โ‰ค 3.10.6
optimole / Optimole โ€“ Optimize Images in Real Time
0 โ‰ค 3.12.4
themeisle / RSS Aggregator by Feedzy โ€“ Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
0 โ‰ค 4.4.1
optimole / Super Page Cache
0 โ‰ค 4.7.5
rsocial / Revive Social โ€“ Social Media Auto Post and Scheduling Automation Plugin
0 โ‰ค 9.0.25
themeisle / PPOM โ€“ Product Addons & Custom Fields for WooCommerce
0 โ‰ค 32.0.9

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/themeisle-sdk/src/Modules/Promotions.php#L175 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3029507/themeisle-companion/tags/2.10.29/vendor/codeinwp/themeisle-sdk/src/Modules/Promotions.php plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040302%40templates-patterns-collection&new=3040302%40templates-patterns-collection&sfp_email=&sfph_mail=

Credits

Francesco Carlucci