6 matches found
Exploit for CVE-2024-10673
🔥 Overview This script exploits CVE-2024-10673, a critica...
WordPress Top Store Theme 1.5.4 Privilege Escalation
This script exploits CVE-2024-10673, a critical vulnerability found in the Top Store WordPress Theme versions 1.5.4 and below. The flaw allows authenticated users with subscriber-level access or higher to install and activate arbitrary plugins via unprotected AJAX requests. This can lead to...
CVE-2024-10673
creationtimestamp| type| source ---|---|--- 2024-11-09 03:20:50+00:00| seen| https://infosec.exchange/users/cve/statuses/113450840914677083 2024-11-09 05:45:40+00:00| seen| https://t.me/cvedetector/10267 2025-03-12 16:00:08+00:00| published-proof-of-concept|...
CVE-2024-10673 Top Store <= 1.5.4 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the topstoreinstallandactivatecallback function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-10673
CVE-2024-10673 affects Top Store WordPress Theme up to version 1.5.4. The flaw is a missing capability check in top_store_install_and_activate_callback(), allowing authenticated users with subscriber-level access or higher to install and activate arbitrary plugins via unprotected AJAX. Exploitati...
WordPress Top Store Theme <= 1.5.4 is vulnerable to Arbitrary Code Execution
Software Top Store Type Theme Vulnerable versions = 1.5.4 Fixed in 1.5.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Arbitrary Code Execution CVE CVE-2024-10673 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 0fffafd8d4a3 Credits WordFence...