CVE-2015-10143
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-12-16
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pagelines | platform_theme | up to 1.4.4 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2015-10143 is a vulnerability in the WordPress Platform theme (versions prior to 1.4.4) that allows unauthorized modification of site options due to missing capability checks in an AJAX function. This enables unauthenticated attackers to update arbitrary options, such as changing the default user role to administrator and enabling user registration, which can lead to attackers gaining administrative access. Additionally, the vulnerability includes a remote code execution flaw where the theme improperly includes uploaded PHP files, allowing attackers to execute arbitrary code on the site. [1, 2]
How can this vulnerability impact me?
This vulnerability can lead to a full site takeover. Attackers can escalate privileges by changing the default user role to administrator and enabling user registration, allowing them to create admin accounts. Furthermore, attackers can exploit remote code execution to run arbitrary PHP code on the server, potentially injecting malware, SEO spam, or other malicious activities. This results in complete control over the WordPress site, compromising its integrity, confidentiality, and availability. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve checking for suspicious POST requests to WordPress admin endpoints such as /wp-admin/admin-post.php or /wp-admin/admin-ajax.php that include multipart/form-data uploads with PHP payloads named in a pattern like Settings_<random>.php. Using network monitoring tools or web server logs, you can search for such requests. Additionally, scanning for the presence of vulnerable versions of the Platform theme (versions prior to 1.4.4) is important. For example, you can check the theme version in the WordPress admin dashboard or by inspecting the theme's style.css file. There is a Metasploit module (Resource 1) that exploits this vulnerability, which can be used in a controlled environment to verify if the system is vulnerable. [1, 2]
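Two of the checks described above, as an added Python example that is not part of the BaseFortify page or the Platform theme: reading the theme version from the style.css header and comparing it with the fixed release 1.4.4, and scanning a directory tree for PHP files whose names match the Settings_<random>.php pattern. The WordPress root path and the sample style.css contents are assumptions constructed for illustration.

```python
"""Defensive checks for CVE-2015-10143 (added example, not BaseFortify's code)."""
import os
import re
from typing import Iterator, Optional, Tuple

FIXED_VERSION = (1, 4, 4)  # first Platform release without the flaw, per the advisory

# WordPress theme header line inside style.css, e.g. "Version: 1.4.3"
_VERSION_RE = re.compile(r"^\s*Version:\s*([0-9][0-9A-Za-z.\-]*)", re.I | re.M)
# Upload naming pattern quoted in the detection guidance: Settings_<random>.php
_SUSPICIOUS_RE = re.compile(r"^Settings_[A-Za-z0-9]+\.php$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.4.3' (or '1.4.4-beta') into a comparable tuple; stops at the first non-numeric part."""
    parts = []
    for piece in text.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    return tuple(parts)


def theme_version(style_css: str) -> Optional[str]:
    """Extract the Version: header value from the contents of a theme's style.css."""
    m = _VERSION_RE.search(style_css)
    return m.group(1) if m else None


def is_vulnerable_version(version: str) -> bool:
    """True when the installed version sorts below the fixed release 1.4.4."""
    return parse_version(version) < FIXED_VERSION


def is_suspicious_name(filename: str) -> bool:
    """True for basenames shaped like the Settings_<random>.php upload pattern."""
    return _SUSPICIOUS_RE.match(filename) is not None


def find_suspicious_php(root: str) -> Iterator[str]:
    """Walk root and yield every file path whose basename matches the upload pattern."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if is_suspicious_name(name):
                yield os.path.join(dirpath, name)


if __name__ == "__main__":
    sample_css = "/*\nTheme Name: Platform\nVersion: 1.4.3\n*/"  # constructed sample header
    v = theme_version(sample_css)
    print(f"Platform {v}: {'VULNERABLE (< 1.4.4)' if is_vulnerable_version(v) else 'patched'}")
    for path in find_suspicious_php("/var/www/html"):  # assumed WordPress root
        print("suspicious PHP upload:", path)
```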
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Platform theme to version 1.4.4 or higher, Pagelines to 1.4.6 or higher, and PlatformPro to 1.6.2 or higher. If updating immediately is not possible, applying a temporary patch plugin that blocks the exploit is recommended. Additionally, deploying a Web Application Firewall (WAF) can virtually patch the vulnerability until the updates are applied. Restricting access to the /wp-admin/admin-post.php and /wp-admin/admin-ajax.php endpoints, or monitoring and blocking suspicious requests to them, can also reduce risk. [2]