CVE-2024-10674

Published Nov 9, 2024

Last updated 5 days ago

CVSS high 8.8

Overview

Description
The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins which can be leveraged to exploit other vulnerabilities and achieve remote code execution and privilege escalation.
Source
security@wordfence.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security@wordfence.com
CWE-862

Social media

Hype score
Not currently trending

  1. CVE-2024-10674 (CVSS:8.8, HIGH) is Awaiting Analysis. The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capab..https://t.co/DAAqfHmbep #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    14 Nov 2024

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2024-10674 (Published: 2024-11-09) - Critical vulnerability in TH Shop Mania v1.4.9. Exploitation can occur via the notify.php file. 🔒 Remediation: Update to the latest version immediately to secure your site. More info: [TH Shop Mania](https://t.co/1h3jHWmeUB)… https://t

    @transilienceai

    13 Nov 2024

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-10674 The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_a… https://t.co/WYn7JQIXMi

    @CVEnew

    9 Nov 2024

    270 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. [CVE-2024-10674: HIGH] WordPress Th Shop Mania theme <= 1.4.9 is vulnerable to unauthorized plugin installation due to missing capability check. Attackers with Subscriber access can exploit this to achieve remote...#cybersecurity,#vulnerability https://t.co/zVrypDaIbl https://

    @CveFindCom

    9 Nov 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References