CVE-2024-10673

CVSS V2 None CVSS V3 None
Description
The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins which can contain other exploitable vulnerabilities to elevate privileges and gain remote code execution.
Overview
  • CVE ID
  • CVE-2024-10673
  • Assigner
  • Wordfence
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-11-09T03:17:53.611Z
  • Last Modified Date
  • 2024-11-09T03:17:53.611Z
History
Created Old Value New Value Data Type Notes
2024-11-09 13:14:45 Added to TrackCVE