CVE-2024-10674

CVSS V2 None CVSS V3 None
Description
The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins which can be leveraged to exploit other vulnerabilities and achieve remote code execution and privilege escalation.
Overview
  • CVE ID
  • CVE-2024-10674
  • Assigner
  • Wordfence
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-11-09T03:18:14.401Z
  • Last Modified Date
  • 2024-11-09T03:18:14.401Z
History
Created Old Value New Value Data Type Notes
2024-11-09 13:15:22 Added to TrackCVE