CVE-2015-10143

9.8 CRITICAL

📋 TL;DR

The Platform theme for WordPress has an authentication bypass vulnerability that allows unauthenticated attackers to modify WordPress site options. This can be exploited to change user registration settings and create administrator accounts, giving attackers full control of vulnerable WordPress sites. All WordPress sites using Platform theme versions before 1.4.4 are affected.

💻 Affected Systems

Products:
  • WordPress Platform theme
Versions: All versions up to but not including 1.4.4
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations using the Platform theme. The vulnerability exists regardless of WordPress version.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete site takeover: attackers gain administrative access and can deface the site, steal data, install malware, or use the site for further attacks.

🟠 Likely Case

Site compromise leading to data theft, malware distribution, or use as part of a botnet.

🟢 If Mitigated

Attackers can still modify site options but cannot escalate privileges if user registration is disabled and strong access controls are in place.

🌐 Internet-Facing: HIGH - WordPress sites are typically internet-facing, and this vulnerability requires no authentication.
🏢 Internal Only: LOW - Internal-only WordPress sites would still be vulnerable but have reduced attack surface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Metasploit module available. Exploitation requires sending crafted AJAX requests to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.4

Vendor Advisory: https://blog.sucuri.net/2015/01/security-advisory-vulnerabilities-in-pagelinesplatform-theme-for-wordpress.html

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Update the Platform theme to version 1.4.4 or later.
4. If an update is not available, replace the theme with a patched version manually.

🔧 Temporary Workarounds

Disable Platform theme

Switch to a different WordPress theme that is not vulnerable, then remove the vulnerable theme (activate the replacement first so the site is never left without a theme):

wp theme activate twentytwentyfour
wp theme delete platform

Block vulnerable endpoint

Add a web server or web application firewall rule to block requests to the vulnerable AJAX endpoint:

# Add to .htaccess for Apache (mod_rewrite must be enabled):
RewriteEngine On
RewriteRule ^wp-content/themes/platform/framework/ajax/.*$ - [F,L]
# Add to the nginx server block:
location ~* ^/wp-content/themes/platform/framework/ajax/ { deny all; }

🧯 If You Can't Patch

  • Disable user registration in WordPress settings (Settings > General > Membership)
  • Implement web application firewall with rules to detect and block exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the WordPress theme directory for the Platform theme version. If the version is lower than 1.4.4, the site is vulnerable.

Check Version:

# --fields (plural) selects multiple columns; --field accepts only one
wp theme list --fields=name,version | grep -i platform

Verify Fix Applied:

Confirm Platform theme version is 1.4.4 or later in WordPress admin panel under Appearance > Themes.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /wp-content/themes/platform/framework/ajax/options.php
  • Unusual option changes in WordPress database
  • New administrator user creation

Network Indicators:

  • HTTP POST requests containing 'action=platform_ajax_save_options'
  • Requests to admin-ajax.php with platform-specific parameters

SIEM Query:

source="web_logs" AND (uri_path="/wp-content/themes/platform/framework/ajax/options.php" OR post_data CONTAINS "platform_ajax_save_options")
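The log and network indicators above turned into a small detection script, written as an added example for this page (it is not part of the advisory or of the theme). It parses combined-format access log lines (constructed samples are embedded), decodes and normalizes the request path so percent-encoded or double-slash variants of the endpoint still match, and flags POSTs to the options endpoint as well as admin-ajax.php requests whose query string carries the platform_ajax_save_options action.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Indicators from the advisory above
VULN_PATH = "/wp-content/themes/platform/framework/ajax/options.php"
VULN_ACTION = "platform_ajax_save_options"

# Apache/nginx "combined" log format: client - - [time] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize_path(target):
    """Decode percent-encoding, collapse repeated slashes and lower-case the path
    so encoded variants of the endpoint still match; also parse the query string."""
    parts = urlsplit(target)
    path = re.sub(r"/+", "/", unquote(parts.path)).lower()
    query = parse_qs(unquote(parts.query))
    return path, query

def is_exploit_attempt(line):
    """Return (flagged, reason) for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return False, "unparsed"
    path, query = normalize_path(m.group("target"))
    if m.group("method") == "POST" and path == VULN_PATH:
        return True, "POST to vulnerable options endpoint"
    if path.endswith("/wp-admin/admin-ajax.php") and VULN_ACTION in query.get("action", []):
        return True, "platform_ajax_save_options via admin-ajax.php"
    return False, ""

def scan(lines):
    """Return [(client_ip, reason)] for every flagged line."""
    hits = []
    for line in lines:
        flagged, reason = is_exploit_attempt(line)
        if flagged:
            hits.append((LOG_RE.match(line).group("ip"), reason))
    return hits

# Constructed sample log lines (RFC 5737 documentation addresses), not real traffic
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2015:03:14:07 +0000] "POST /wp-content/themes/platform/framework/ajax/options.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Jan/2015:03:14:09 +0000] "POST /wp-content//themes/platform/framework/ajax/%6Fptions.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Jan/2015:03:15:00 +0000] "GET /wp-admin/admin-ajax.php?action=platform_ajax_save_options HTTP/1.1" 200 77',
    '192.0.2.9 - - [10/Jan/2015:03:16:30 +0000] "GET /wp-content/themes/platform/style.css HTTP/1.1" 200 4096',
]
```

Standard access logs do not record POST bodies, so the action check only catches query-string variants; matching the action inside a POST body needs a WAF or request-body logging.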
