Primary

Context

Configurator Theme Core Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the Configurator Theme Core plugin for WordPress, affecting all versions through 1.4.7. The issue arises because the plugin fails to properly validate user meta fields before updating them in the database. This vulnerability allows authenticated attackers with Subscriber-level access or higher to escalate their privileges to Administrator.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling users to gain Administrator-level access.

Remediation

No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Configurator Theme Core Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating