3 matches found
CVE-2024-1771
The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the totalordersections function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and above, to repeat...
CVE-2024-1771
CVE-2024-1771 affects the WordPress Total theme up to version 2.1.59. Root cause: missing capability check in total_order_sections(), enabling authenticated users with subscriber+ access to modify homepage sections. Impact: unauthorized modification of data on the homepage. Mitigation: upgrade to...
WordPress Total Theme <= 2.1.59 is vulnerable to Broken Access Control
Software Total Type Theme Vulnerable versions = 2.1.59 Fixed in 2.1.60 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1771 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 28437cd16373 Credits Krzysztof Zając Required privilege...