2 matches found
CVE-2024-6987 Orchid Store <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation
The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchidstoreactivateplugin' function in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and...
WordPress Orchid Store Theme <= 1.5.6 is vulnerable to Broken Access Control
Software Orchid Store Type Theme Vulnerable versions = 1.5.6 Fixed in 1.5.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6987 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 11ea3d6423d2 Credits Lucio Sá Required privilege...