Description
The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companion_disable_popup() function called via an AJAX action. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to modify any option on the site to a numerical value.
Software
Not provided
Software type
Theme
CVE
CVE-2023-3204
Tags
Not provided
Publication date
19/06/2024
Last updated
08/12/2024
CVSS 3.0 score
6.5
Medium