7 matches found
WordPress Th Shop Mania Theme 1.4.9 Missing Authorization
WordPress Th Shop Mania theme versions 1.4.9 and below missing capability check proof of concept exploit allowing for arbitrary plugin installation...
WordPress Th Shop Mania Theme 1.4.9 Missing Authorization Exploit
import requests import argparse import re import time By Nxploit | Khaled alenazi, Function to check if the site is vulnerable def checkvulnerabilityurl: versionurl = f"url/wp-content/themes/th-shop-mania/readme.txt" try: response = requests.getversionurl, timeout=5 if response.statuscode == 200:...
Exploit for CVE-2024-10674
CVE-2024-10674 Exploit - Th Shop Mania --username --password...
CVE-2024-10674
The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the thshopmaniainstallandactivatecallback function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...
WordPress plugin Th Shop Mania 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Th Shop Mania theme <= 1.4.9 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation vulnerability
Authenticated Subscriber+ Arbitrary Plugin Installation/Activation vulnerability discovered by Sean Murphy, Kevin Murphy knmurphy in WordPress Theme Th Shop Mania versions = 1.4.9...
WordPress Th Shop Mania Theme <= 1.4.9 is vulnerable to Arbitrary Code Execution
Software Th Shop Mania Type Theme Vulnerable versions = 1.4.9 Fixed in 1.5.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Arbitrary Code Execution CVE CVE-2024-10674 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 314680b4b995 Credits Sean...