CVE-2024-12781 Aurum - WordPress & WooCommerce Shopping Theme <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Demo Content Import

The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'lab1cldemoinstallpackagecontent' function in all versions up to, and including, 4.0.2. This makes it possible for authenticated...

CVE-2024-12781

CVE-2024-12781 concerns the Aurum WordPress & WooCommerce Shopping Theme. The vulnerability is an unauthorized data modification due to a missing capability check in the lab_1cl_demo_install_package_content function, affecting all versions up to 4.0.2. Public details in connected Red Hat document...

CVE-2024-12781 Aurum - WordPress & WooCommerce Shopping Theme <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Demo Content Import

The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'lab1cldemoinstallpackagecontent' function in all versions up to, and including, 4.0.2. This makes it possible for authenticated...

PT-2025-1950 · Aurum · Aurum

Name of the Vulnerable Software and Affected Versions: Aurum - WordPress & WooCommerce Shopping Theme versions prior to 4.0.3 Description: The issue concerns a missing capability check in the lab 1cl demo install package content function, allowing authenticated attackers with Subscriber-level...

WordPress Aurum theme <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Demo Content Import vulnerability

Missing Authorization to Authenticated Subscriber+ Demo Content Import vulnerability discovered by Lucio Sá in WordPress Theme Aurum versions = 4.0.2...