LiquidThemes WordPress Plugins and Themes Missing Capability Check Vulnerability

Vulnerability

A vulnerability affects all versions of multiple WordPress plugins and themes by LiquidThemes. The 'liquid_reset_wordpress_before' AJAX action is missing a capability check, which allows authenticated attackers with Subscriber-level access and above to deactivate all plugins on a site. Although a nonce check was added, it does not provide adequate protection, because the nonce is accessible to all users with dashboard access.

Impact

Exploitation of this vulnerability allows for unauthorized deactivation of all plugins on a WordPress site.

Remediation

No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected software.
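
The capability check the advisory describes as missing, written as an added example (not LiquidThemes code and not a vendor fix). It is a must-use plugin that rejects the AJAX action for any user who cannot manage plugins. It assumes the affected code registers its handler through the standard wp_ajax_ hook; the file name, the lt_guard_ names and the log format are hypothetical.

```php
<?php
/**
 * Plugin Name: Guard liquid_reset_wordpress_before (added example)
 * Description: Stopgap capability check; place in wp-content/mu-plugins/.
 *
 * Must-use plugins load before regular plugins and themes, and the hook
 * below uses the lowest priority value, so this check runs before any
 * other callback attached to the same AJAX action.
 */

// Action name taken from the advisory; all other names are illustrative.
const LT_GUARD_ACTION = 'liquid_reset_wordpress_before';

/**
 * Reject the request unless the caller is allowed to manage plugins.
 *
 * A nonce only shows the request came from a page the user could load.
 * It says nothing about what that user is authorized to do, which is
 * why a Subscriber holding a valid nonce still has to be stopped here.
 */
function lt_guard_require_plugin_cap() {
    if ( current_user_can( 'activate_plugins' ) ) {
        return; // Authorized users fall through to the original handler.
    }

    // Record the blocked attempt so it can be reviewed later.
    error_log( sprintf(
        '[lt-guard] blocked %s: user_id=%d ip=%s',
        LT_GUARD_ACTION,
        get_current_user_id(),
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
    ) );

    // wp_send_json_error() sends the response and ends the request,
    // so later callbacks on this hook never execute.
    wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
}

// PHP_INT_MIN is the earliest possible priority on the hook.
add_action( 'wp_ajax_' . LT_GUARD_ACTION, 'lt_guard_require_plugin_cap', PHP_INT_MIN );
```

The guard only narrows who can reach the handler; the advisory's recommendation to consider uninstalling the affected software still applies.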

Added: Aug 28, 2025, 4:19 AM
Updated: Aug 28, 2025, 4:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 5.2
remediation: 0.0
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.