CVE-2022-46796
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Dec 13, 2024
CWE ID 862
Summary
CVE-2022-46796 is a Missing Authorization vulnerability affecting VillaTheme's CURCY. The flaw allows unauthorized access to functionalities that should be restricted, due to incorrectly configured access control security levels. This issue affects CURCY versions from n/a to 2.1.25. An attacker can exploit this vulnerability to gain elevated privileges, potentially leading to data breaches or system takeover. Organizations using the affected version of CURCY are advised to apply the necessary patches as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- WordPress