8 matches found
WordPress Top Store Theme 1.5.4 Privilege Escalation
This script exploits CVE-2024-10673, a critical vulnerability found in the Top Store WordPress Theme versions 1.5.4 and below. The flaw allows authenticated users with subscriber-level access or higher to install and activate arbitrary plugins via unprotected AJAX requests. This can lead to...
CVE-2024-10673
The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the topstoreinstallandactivatecallback function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-10673
The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the topstoreinstallandactivatecallback function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-10673
CVE-2024-10673 affects Top Store WordPress Theme up to version 1.5.4. The flaw is a missing capability check in top_store_install_and_activate_callback(), allowing authenticated users with subscriber-level access or higher to install and activate arbitrary plugins via unprotected AJAX. Exploitati...
CVE-2024-10673 Top Store <= 1.5.4 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the topstoreinstallandactivatecallback function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level...
WordPress plugin Top Store 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...
WordPress Top Store theme <= 1.5.4 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation vulnerability
Authenticated Subscriber+ Arbitrary Plugin Installation/Activation vulnerability discovered by WordFence in WordPress Theme Top Store versions = 1.5.4...
WordPress Top Store Theme <= 1.5.4 is vulnerable to Arbitrary Code Execution
Software Top Store Type Theme Vulnerable versions = 1.5.4 Fixed in 1.5.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Arbitrary Code Execution CVE CVE-2024-10673 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 0fffafd8d4a3 Credits WordFence...