Unrated severityNVD Advisory· Published Jul 25, 2025· Updated Apr 8, 2026

Platform < 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Options Update

CVE-2015-10143

Description

The Platform theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the *_ajax_save_options() function in all versions up to 1.4.4 (exclusive). This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

Affected products

Orchidsoftware/Platformllm-fuzzy
Range: <1.4.4
PageLines/Platformv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.sucuri.net/2015/01/security-advisory-vulnerabilities-in-pagelinesplatform-theme-for-wordpress.htmlmitre
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/wp_platform_exec.rbmitre
www.wordfence.com/threat-intel/vulnerabilities/id/c16fab08-6b2c-433a-9105-fc15f5c52575mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.054
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000