CVE-2024-6872

NVD Published Date: August 03, 2024 at 12:15 PM
NVD Last Modified: August 05, 2024 at 12:41 PM
Vulnerability ID: CVE-2024-6872
Severity: MEDIUM
Severity Score: 4.3
Summary: The Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'templatespare_activate_required_theme' and 'templatespare_get_theme_status' functions in all versions up to, and including, 2.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate any installed theme and read any theme status. If the attacker attempts to activate a theme that is not installed, a non-existent theme with the slug chosen by the attacker will be considered the active theme, leaving the site with no theme functionality.
Mitigation and Patches: -
Exploits: -
Metasploit Payload: -
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE ID: None
