GCVE - cpe:2.3:a:themeisle:starter_sites_&_templates_by

Approved changes feed: RSS · Atom

cpe:2.3:a:themeisle:starter_sites_&_templates_by_neve:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Themeisle (`952ca4ef-81b0-5b76-b2cc-d8cf654b2d29`)
Product	Starter Sites & Templates By Neve (`8b2e43db-6629-51b0-9a73-e5b59a5f9a13`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-1047`	vulnerable	2026-06-03 14:54:26.024875	ThemeIsle SDK <= Various Versions - Missing Authorization MEDIUM (5.3) Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in various versions. This makes it possible for unauthenticated attackers to update options values that allow ThemeIsle to track promotional activities via utm_source. Published: 2024-02-02T05:33:14.536Z Updated: 2026-04-08T16:56:47.195Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=cve https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/themeisle-sdk/src/Modules/Promotions.php#L175 https://plugins.trac.wordpress.org/changeset/3029507/themeisle-companion/tags/2.10.29/vendor/codeinwp/themeisle-sdk/src/Modules/Promotions.php https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040302%40templates-patterns-collection&new=3040302%40templates-patterns-collection&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.