CVE-2024-12781
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-12781 is a vulnerability affecting the Aurum - WordPress & WooCommerce Shopping Theme. This issue allows authenticated attackers, with Subscriber-level access and above, to overwrite content due to a missing capability check on the 'lab_1cl_demo_install_package_content' function. Versions up to and including 4.0.2 are vulnerable to this unauthorized data modification. Attackers can exploit this flaw to import malicious demo content, potentially leading to security breaches and significant website damage. WordPress users are encouraged to update to the latest version of the theme to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.