CVE-2024-12781

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jan 7, 2025
CWE ID 862

Summary

CVE-2024-12781 is a vulnerability affecting the Aurum - WordPress & WooCommerce Shopping Theme. This issue allows authenticated attackers, with Subscriber-level access and above, to overwrite content due to a missing capability check on the 'lab_1cl_demo_install_package_content' function. Versions up to and including 4.0.2 are vulnerable to this unauthorized data modification. Attackers can exploit this flaw to import malicious demo content, potentially leading to security breaches and significant website damage. WordPress users are encouraged to update to the latest version of the theme to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share