Click Mag WordPress Theme Missing Authorization Vulnerability Allowing Arbitrary Options Deletion

Vulnerability

A vulnerability exists in the Click Mag - Viral WordPress News Magazine/Blog Theme, all versions through 3.6.0, due to a missing capability check in the propanel_of_ajax_callback() function. This flaw allows authenticated attackers with subscriber-level access and above to delete arbitrary option values from the WordPress site. Exploiting this vulnerability could lead to the removal of options that, when deleted, cause errors on the site, thereby disrupting service for legitimate users.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of WordPress option values, which can be used to create errors on the site and disrupt service for users.

Remediation

Users are advised to update the Click Mag WordPress theme to version 3.7.0 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 2.5
exploitability: 5.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.