CVE-2024-6987

NVD Published Date: August 08, 2024 at 05:15 AM
NVD Last Modified: August 08, 2024 at 01:04 PM
Download Patch
Vulnerability ID
CVE-2024-6987
Severity
MEDIUM
Severity Score
4.3
Summary
The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchid_store_activate_plugin' function in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate the Addonify Floating Cart For WooCommerce plugin if it is installed.
Mitigation and Patches
-
Exploits
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE ID
None

Recent Publish

CVE-2024-6869

CVE-2024-5226

CVE-2024-7150

CVE-2024-6481

CVE-2024-6824

CVE-2024-7548

See SecOps Solution
in action

Schedule Demo