CVE-2024-12263

Name of the Vulnerable Software and Affected Versions Child Theme Creator by Orbisius plugin for WordPress versions up to, and including, 1.5.5

Description The issue is related to unauthorized modification of data due to a missing capability check on the cloud delete() and cloud update() functions. This allows authenticated attackers with Subscriber-level access and above to update and delete cloud snippets. The vulnerability was present in the Cloud Library Addon used by the plugin, which has been removed entirely.

Recommendations For versions up to, and including, 1.5.5, consider disabling the cloud delete() and cloud update() functions until a patch is available or the Cloud Library Addon is removed. Restrict access to cloud snippets to minimize the risk of exploitation. As the Cloud Library Addon has been removed entirely, ensure that the removal is properly applied to prevent any further vulnerabilities.