CVE-2024-12920

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Mar 19, 2025
CWE ID 862

Summary

CVE-2024-12920 is a vulnerability affecting the FoodBakery | Delivery Restaurant Directory WordPress Theme. This issue allows authenticated attackers, with Subscriber-level access and above, to gain unauthorized access to data and modify it. Specifically, capability checks are missing on several functions, including foodbakery_var_backup_file_delete and theme_option_save. As a result, attackers can delete arbitrary files, update theme options, export widget options, import widget options, generate backups, restore backups, and reset theme options. WordPress users are strongly advised to update the FoodBakery theme to a patched version to mitigate this risk.
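A source audit for this class of flaw (CWE-862), as an added example that is not code from the theme or from this advisory: it lists authenticated AJAX handlers whose body never calls current_user_can(). It assumes the affected functions are reached through wp_ajax_ hooks, which the summary does not state; the PHP sample and its demo_* names are constructed.

```python
import re

# Constructed sample theme source, NOT the FoodBakery code; demo_* names are hypothetical.
SAMPLE_PHP = r'''<?php
add_action('wp_ajax_demo_backup_file_delete', 'demo_backup_file_delete');
add_action('wp_ajax_demo_option_save', 'demo_option_save');

function demo_backup_file_delete() {
    demo_remove_backup($_POST['file_name']);   // no authorization at all
    wp_die();
}

function demo_option_save() {
    if ( ! current_user_can('manage_options') ) {
        wp_die('Forbidden', 403);
    }
    update_option('demo_options', $_POST['options']);
    wp_die();
}
'''

# wp_ajax_<action> hooks run for any logged-in user, Subscriber included;
# wp_ajax_nopriv_ hooks (logged-out visitors) are out of scope here.
HOOK_RE = re.compile(r"add_action\(\s*['\"]wp_ajax_(?!nopriv_)([\w-]+)['\"]\s*,\s*['\"](\w+)['\"]")
FUNC_RE = re.compile(r"function\s+(\w+)\s*\([^)]*\)\s*\{")

def function_body(src, name):
    """Return the brace-balanced body of PHP function `name`, or None.
    Assumption: braces inside strings/comments are balanced (simple scanner)."""
    for m in FUNC_RE.finditer(src):
        if m.group(1) == name:
            depth, i = 1, m.end()
            while i < len(src) and depth:
                depth += {"{": 1, "}": -1}.get(src[i], 0)
                i += 1
            return src[m.end():i - 1]
    return None

def audit(src):
    """Map each authenticated AJAX action to the reason it needs review."""
    findings = {}
    for action, handler in HOOK_RE.findall(src):
        body = function_body(src, handler)
        if body is None:
            findings[action] = "handler not found"
        elif "current_user_can(" not in body:
            findings[action] = "no current_user_can() in handler"
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_PHP))
```

A finding is a prompt for manual review: a handler may delegate its check to a helper, and a handler that does call current_user_can() may still test the wrong capability.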
