The Themify Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 7.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite or delete the generated CSS stylesheet file of arbitrary posts, including private and draft posts owned by other users, and modify plugin-scoped font options. The required CSRF nonce (tf_nonce) is emitted on public front-end builder pages via wp_localize_script, making it trivially obtainable by any authenticated user visiting such a page.
Project Subscriptions
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 16 Jul 2026 08:45:00 +0000
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-07-16T07:51:04.964Z
Reserved: 2026-07-10T13:54:17.109Z
Link: CVE-2026-15407
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses