3 matches found
WordPress Th Shop Mania Theme 1.4.9 Missing Authorization
WordPress Th Shop Mania theme versions 1.4.9 and below missing capability check proof of concept exploit allowing for arbitrary plugin installation...
CVE-2024-10674
The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the thshopmaniainstallandactivatecallback function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...
WordPress Th Shop Mania Theme <= 1.4.9 is vulnerable to Arbitrary Code Execution
Software Th Shop Mania Type Theme Vulnerable versions = 1.4.9 Fixed in 1.5.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Arbitrary Code Execution CVE CVE-2024-10674 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 314680b4b995 Credits Sean...