CVE-2024-34800

2024-06-1016:15:14

CWE-306

[email protected]

web.nvd.nist.gov

aruphash crafthemes demo import

missing authentication

vulnerability

versions 3.3

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

EPSS

Percentile

9.0%

JSON

Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import allows Functionality Misuse.This issue affects Crafthemes Demo Import: from n/a through 3.3.

References

patchstack.com/database/vulnerability/crafthemes-demo-import/wordpress-crafthemes-demo-import-plugin-3-1-arbitrary-plugin-installation-vulnerability?_s_id=cve