CVE-2024-12263

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 12, 2024
CWE ID 862

Summary

CVE-2024-12263: The Orbisius Child Theme Creator plugin for WordPress, up to version 1.5.5, contains a vulnerability that allows authenticated attackers with Subscriber-level access and above to unauthorizedly update and delete cloud snippets. This issue is due to a missing capability check on the cloud_delete() and cloud_update() functions in the affected plugin's Cloud Library Addon. It is important to note that the cloud library, which housed the vulnerable functions, has since been removed entirely from the plugin.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share