Descrição
The Cardealer theme for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check and missing filename sanitization on the demo theme scheme AJAX functions in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to change or delete arbitrary css and js files.
Software
Não informado
Tipo Software
Tema
CVE
CVE-2025-1681
Tags
Nâo informado
Data de publicação
27/02/2025
Última atualização
01/03/2025
Pontuação em CVSS 3.0
5.4
Médio