5 matches found
WordPress Th Shop Mania Theme 1.4.9 Missing Authorization Exploit
import requests import argparse import re import time By Nxploit | Khaled alenazi, Function to check if the site is vulnerable def checkvulnerabilityurl: versionurl = f"url/wp-content/themes/th-shop-mania/readme.txt" try: response = requests.getversionurl, timeout=5 if response.statuscode == 200:...
Exploit for CVE-2024-10674
CVE-2024-10674 Exploit - Th Shop Mania --username --password...
CVE-2024-10674
The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the thshopmaniainstallandactivatecallback function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...
WordPress Th Shop Mania theme <= 1.4.9 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation vulnerability
Authenticated Subscriber+ Arbitrary Plugin Installation/Activation vulnerability discovered by Sean Murphy, Kevin Murphy knmurphy in WordPress Theme Th Shop Mania versions = 1.4.9...
WordPress Th Shop Mania Theme <= 1.4.9 is vulnerable to Arbitrary Code Execution
Software Th Shop Mania Type Theme Vulnerable versions = 1.4.9 Fixed in 1.5.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Arbitrary Code Execution CVE CVE-2024-10674 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 314680b4b995 Credits Sean...