Lucene search
+L

3 matches found

Cvelist
Cvelist
added 2025/01/08 8:18 a.m.27 views

CVE-2024-12855 AdForest - Classified Ads WordPress Theme <= 5.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post/Attachment Deletion

The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sbremovead' in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

4.3CVSS0.00267EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/08 8:18 a.m.11 views

CVE-2024-12855 AdForest - Classified Ads WordPress Theme <= 5.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post/Attachment Deletion

The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sbremovead' in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

4.3CVSS6.5AI score0.00267EPSS
Exploits0References2
CVE
CVE
added 2025/01/08 8:18 a.m.52 views

CVE-2024-12855

CVE-2024-12855: AdForest WordPress theme (AdForest) is vulnerable due to a missing capability check on multiple AJAX actions (e.g., sb_remove_ad) across versions up to 5.1.7, allowing authenticated users with Subscriber-level access and above to delete posts/attachments and deactivate a license. ...

5.4CVSS4.4AI score0.00267EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder