WordPress Theme Editor Plugin Cross-Site Request Forgery Vulnerability Allowing Remote Code Execution

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Theme Editor plugin for WordPress, affecting all versions through 3.0. The issue arises from inadequate nonce validation on the 'theme_editor_theme' page, enabling unauthenticated attackers to execute remote code by tricking a site administrator into clicking a link.

Impact

Exploitation of this vulnerability could lead to unauthorized remote code execution on the affected WordPress site.

Reproduction

To reproduce this vulnerability, an attacker must craft a forged request that exploits the missing nonce validation. The request targets a WordPress site where the Theme Editor plugin is installed and activated, and relies on an administrator being persuaded to click a link or perform an action that triggers it. Once the request is executed, the attacker's code runs on the server, potentially compromising the site.
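The root cause described above is a privileged admin action that does not verify a nonce. The following is an added example (not the Theme Editor plugin's code) of how a WordPress admin form handler should bind its nonce to the action and to the current user, and gate the action on a capability check; the hook, action and nonce names are hypothetical placeholders.

```php
<?php
// Added example, not code from the Theme Editor plugin. Hook, action and
// nonce names are hypothetical. Shows the nonce + capability checks whose
// absence turns an admin form handler into a CSRF target.

// Render the form. wp_nonce_field() emits a hidden token tied to this
// action and to the logged-in user's session, so a cross-site page that
// tricks an administrator into submitting cannot supply a valid value.
function example_render_editor_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="example_save_theme_file">';
    wp_nonce_field( 'example_save_theme_file', 'example_nonce' );
    echo '<textarea name="file_contents"></textarea>';
    submit_button( 'Save' );
    echo '</form>';
}

// Handler. The weak pattern processes $_POST straight away; the hardened
// pattern refuses unless BOTH checks below pass.
function example_handle_save() {
    // 1. Capability: only users permitted to edit theme files get this far.
    if ( ! current_user_can( 'edit_themes' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. Nonce: check_admin_referer() verifies the token for this action and
    //    calls wp_die() on failure, stopping a forged request even when it
    //    arrives with the administrator's valid session cookie.
    check_admin_referer( 'example_save_theme_file', 'example_nonce' );

    // Only after both checks pass is the input read. Validating the target
    // file path is a separate concern and is omitted here.
    $contents = isset( $_POST['file_contents'] ) ? wp_unslash( $_POST['file_contents'] ) : '';
    // ... write $contents to the selected theme file ...

    wp_safe_redirect( admin_url( 'admin.php?page=example_theme_editor&saved=1' ) );
    exit;
}
add_action( 'admin_post_example_save_theme_file', 'example_handle_save' );
```

Because the nonce is tied to the user session and expires, a link or auto-submitting page hosted elsewhere cannot reproduce it, which is what the missing check in the affected versions failed to enforce.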

Remediation

Users are advised to update the Theme Editor plugin to version 3.1 or later.

Added: Oct 18, 2025, 9:17 AM
Updated: Oct 18, 2025, 9:17 AM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 10.0
exploitability: 7.6
remediation: 7.7
relevance: 0.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.