Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/03/07 12:45 p.m.5 views

CVE-2024-13423

The Sparkling theme for WordPress is vulnerable to unauthorized plugin activation/deactivation due to a missing capability check on the 'sparklingactivateplugin' and 'sparklingdeactivateplugin' functions in versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers...

5.3CVSS7.1AI score0.00355EPSS
Exploits0References1
NVD
NVD
added 2025/03/05 12:15 p.m.8 views

CVE-2024-13423

The Sparkling theme for WordPress is vulnerable to unauthorized plugin activation/deactivation due to a missing capability check on the 'sparklingactivateplugin' and 'sparklingdeactivateplugin' functions in versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers...

5.3CVSS0.00355EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/03/05 11:22 a.m.10 views

CVE-2024-13423 Sparkling <= 2.4.9 - Missing Authorization to Unauthenticated Arbitrary Plugin Activation/Deactivation

The Sparkling theme for WordPress is vulnerable to unauthorized plugin activation/deactivation due to a missing capability check on the 'sparklingactivateplugin' and 'sparklingdeactivateplugin' functions in versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers...

5.3CVSS0.00355EPSS
Exploits0References4
CVE
CVE
added 2025/03/05 11:22 a.m.46 views

CVE-2024-13423

CVE-2024-13423 applies to the Sparkling WordPress theme/plugin (affected versions: ≤ 2.4.9). Root cause: missing capability checks in functions sparkle_activate_plugin and sparkle_deactivate_plugin, enabling unauthenticated users to activate/deactivate arbitrary plugins. Impact: unauthorized plug...

5.3CVSS7.1AI score0.00355EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/05 11:22 a.m.3 views

CVE-2024-13423 Sparkling <= 2.4.9 - Missing Authorization to Unauthenticated Arbitrary Plugin Activation/Deactivation

The Sparkling theme for WordPress is vulnerable to unauthorized plugin activation/deactivation due to a missing capability check on the 'sparklingactivateplugin' and 'sparklingdeactivateplugin' functions in versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers...

5.3CVSS7.1AI score0.00355EPSS
Exploits0References4
Rows per page
Query Builder