WordPress TemplateSpare plugin <= 2.4.2 - Missing Authorization to Authenticated (Subscriber+) Theme Update vulnerability

Missing Authorization to Authenticated Subscriber+ Theme Update vulnerability discovered by Lucio Sá in WordPress Plugin TemplateSpare versions = 2.4.2...

WordPress TemplateSpare Plugin <= 2.4.2 is vulnerable to Broken Access Control

Software TemplateSpare Type Plugin Vulnerable versions = 2.4.2 Fixed in 2.4.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6872 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 61e41ef1fa5e Credits Lucio Sá Required privilege...

CVE-2024-6872

The Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the...

CVE-2024-6872

The Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the...

CVE-2024-6872

The CVE-2024-6872 entry concerns the WordPress TemplateSpare plugin (≤ 2.4.2). Root cause: missing capability checks in templatespare_activate_required_theme and templatespare_get_theme_status allow authenticated users with Subscriber+ privileges to activate any installed theme and read theme sta...

CVE-2024-6872 Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare <= 2.4.2 - Missing Authorization to Authenticated (Subscriber+) Theme Update

The Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the...

WordPress plugin TemplateSpare 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2024-37918 · WordPress · Templatespare

Name of the Vulnerable Software and Affected Versions: TemplateSpare plugin for WordPress versions up to, and including, 2.4.2 Description: The TemplateSpare plugin for WordPress has an issue due to a missing capability check on the templatespare activate required theme and templatespare get them...