Themify Ultra: A Popular Theme with Critical Security Vulnerabilities
The Themify Ultra theme, a popular choice among designers and developers, recently became the epicenter of critical cybersecurity concerns. With over 70,000 active installations, this premium WordPress theme offers unparalleled control from header to footer, enabling unique designs for every page. However, the release of version 7.3.6 was not just another update; it was a crucial patch for several high-severity vulnerabilities.
The first vulnerability, tagged as CVE-2023-46149 with a CVSS score of 9.8, exposes a terrifying reality: Authenticated Arbitrary File Upload. This flaw allows authenticated users, even those with minimal rights like the Subscriber role, to upload and extract files from a zip archive. The absence of stringent permission checks and file type restrictions opens the door for malicious actors to upload .php files to the server, leading to Remote Code Execution (RCE).
Another flaw, CVE-2023-46148 (CVSS 8.8), labeled as Authenticated Arbitrary Settings Change, is equally alarming. This vulnerability enables authenticated users to alter any settings or options on a WordPress site. Without proper permission checks or limitations on what meta key can be updated, this vulnerability could easily lead to a complete site takeover or privilege escalation.
Furthermore, the theme was found to be susceptible to Authenticated Privilege Escalation (CVE-2023-46145, CVSS 8.8). This weakness allows users to escalate their privileges to any role on the WordPress site. The absence of checks on role assignment in the Sign Up Form feature could let an attacker gain unauthorized administrative access.
Lastly, the theme was affected by an Authenticated PHP Object Injection issue (CVE-2023-46147, CVSS 7.4). This arises when user-supplied input is passed to the PHP unserialize function without proper sanitization. An attacker can thereby inject arbitrary PHP objects into the application, potentially resulting in sensitive data leakage or even remote code execution.
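As an added illustration of the four weaknesses described above, here is how the corresponding handlers look when hardened in a WordPress theme. This is example code, not Themify's own; the hook name, option keys and `example_*` helper names are hypothetical.

```php
<?php
// Added example (not Themify code): hardened counterparts to the four flaw classes.

// 1. Settings change (cf. CVE-2023-46148): require a nonce and a capability, and
//    accept only an explicit allowlist of option names, so request data can never
//    reach sensitive options such as users_can_register or default_role.
const EXAMPLE_ALLOWED_OPTIONS = ['example_theme_color', 'example_theme_layout'];

function example_save_setting() {
    check_ajax_referer('example_save_setting');          // dies on a bad/missing nonce
    if (!current_user_can('manage_options')) {
        wp_send_json_error('forbidden', 403);             // Subscribers stop here
    }
    $key = isset($_POST['key']) ? sanitize_key($_POST['key']) : '';
    if (!in_array($key, EXAMPLE_ALLOWED_OPTIONS, true)) {
        wp_send_json_error('unknown option', 400);
    }
    update_option($key, sanitize_text_field(wp_unslash($_POST['value'] ?? '')));
    wp_send_json_success();
}
add_action('wp_ajax_example_save_setting', 'example_save_setting');

// 2. Sign-up form (cf. CVE-2023-46145): the role is decided server-side, never
//    read from the request, so a visitor cannot register as an administrator.
function example_register_user(string $login, string $email, string $password) {
    $user_id = wp_create_user($login, $password, $email);
    if (is_wp_error($user_id)) {
        return $user_id;
    }
    $user = new WP_User($user_id);
    $user->set_role(get_option('default_role', 'subscriber')); // not $_POST['role']
    return $user_id;
}

// 3. Archive upload (cf. CVE-2023-46149): after a capability check, refuse any
//    extracted entry whose extension is not an allowed asset type (an allowlist,
//    so .php, .phtml and .phar are all rejected) or that tries to escape the target dir.
function example_archive_entry_allowed(string $name): bool {
    $allowed = ['css', 'js', 'png', 'jpg', 'jpeg', 'gif', 'json', 'txt', 'woff2'];
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return in_array($ext, $allowed, true) && strpos($name, '..') === false;
}

// 4. Untrusted serialized data (cf. CVE-2023-46147): never unserialize() request
//    input; if a legacy format forces it, forbid object instantiation entirely.
function example_decode_untrusted(string $raw) {
    return unserialize($raw, ['allowed_classes' => false]);
}
```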
Users of Themify Ultra are strongly advised to update to version 7.3.6 immediately. This version addresses all the reported vulnerabilities and provides enhanced security measures. Additionally, it’s crucial to maintain strong passwords and to keep WordPress core and all installed plugins up to date to further minimize security risks.