8 matches found
WordPress Top Store Theme 1.5.4 Privilege Escalation
This script exploits CVE-2024-10673, a critical vulnerability found in the Top Store WordPress Theme versions 1.5.4 and below. The flaw allows authenticated users with subscriber-level access or higher to install and activate arbitrary plugins via unprotected AJAX requests. This can lead to...
CVE-2024-10673
The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-10673
The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-10673 Top Store <= 1.5.4 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-10673
CVE-2024-10673 affects Top Store WordPress Theme up to version 1.5.4. The flaw is a missing capability check in top_store_install_and_activate_callback(), allowing authenticated users with subscriber-level access or higher to install and activate arbitrary plugins via unprotected AJAX. Exploitati...
WordPress plugin Top Store Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...
WordPress Top Store theme <= 1.5.4 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation vulnerability
Authenticated Subscriber+ Arbitrary Plugin Installation/Activation vulnerability discovered by WordFence in WordPress Theme Top Store versions <= 1.5.4...
WordPress Top Store Theme <= 1.5.4 is vulnerable to Arbitrary Code Execution
Software: Top Store; Type: Theme; Vulnerable versions: <= 1.5.4; Fixed in: 1.5.5; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Arbitrary Code Execution; CVE: CVE-2024-10673; Patch priority: High; CVSS severity: High 6.5; Developer: Claim ownership; PSID: 0fffafd8d4a3; Credits: WordFence...