Description
Unauthenticated Arbitrary Plugin Installation vulnerability discovered by Brad Patton in WordPress WooRockets Nitro premium theme (versions <= 1.7.9).
## Solution
04.01.2022 - Deactivate and delete. No fix available.
Affected Software
{"id": "PATCHSTACK:FA93A8297FDCF3138A2DCDA912828573", "vendorId": null, "type": "patchstack", "bulletinFamily": "software", "title": "WordPress WooRockets Nitro premium theme <= 1.7.9 - Unauthenticated Arbitrary Plugin Installation vulnerability", "description": "Unauthenticated Arbitrary Plugin Installation vulnerability discovered by Brad Patton in WordPress WooRockets Nitro premium theme (versions <= 1.7.9).\n\n## Solution\n\n\r\n 04.01.2022 - Deactivate and delete. No fix available.\r\n ", "published": "2021-11-03T00:00:00", "modified": "2021-11-03T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://patchstack.com/database/vulnerability/wr-nitro/wordpress-woorockets-nitro-premium-theme-1-7-9-unauthenticated-arbitrary-plugin-installation-vulnerability", "reporter": "Brad Patton", "references": ["https://wpscan.com/vulnerability/22071df4-73fc-4074-a395-86f2760d461e", "https://nitro.woorockets.com/changelog/"], "cvelist": [], "immutableFields": [], "lastseen": "2022-06-01T19:28:53", "viewCount": 2, "enchantments": {"score": {"value": 3.9, "vector": "NONE"}, "affected_software": {"major_version": [{"name": "woorockets nitro", "version": 1}]}, "vulnersScore": 3.9}, "_state": {"score": 1659860190, "dependencies": 1660016401, "affected_software_major_version": 1666695388, "epss": 1679290575}, "_internal": {"score_hash": "997e3089b19d726a39ce56adf6610d51"}, "affectedSoftware": [{"version": "1.7.9", "operator": "le", "name": "woorockets nitro"}], "vendor_cvss": {"score": "3.1", "severity": "High severity"}, "owasp": "A5: Broken Access Control", "classification": "Other Vulnerability Type"}
{}
WordPress WooRockets Nitro premium theme <= 1.7.9 - Unauthenticated Arbitrary Plugin Installation vulnerability