CVE-2024-13656

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Feb 12, 2025

Updated: Feb 24, 2025

CWE ID 862

Summary

CVE-2024-13656 is a vulnerability affecting the Click Mag - Viral WordPress News Magazine/Blog Theme. This theme, used in all versions up to 3.6.0, contains a missing capability check in the propanel_of_ajax_callback() function. Authenticated attackers with subscriber-level access or higher can exploit this weakness to delete arbitrary option values on WordPress sites. The deletion of specific options may cause errors and lead to a denial of service for legitimate users.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2umYw6
https://www.cve.org/CVERecord?id=CVE-2024-13656
https://nvd.nist.gov/vuln/detail/CVE-2024-13656

Back to Vulnerability Database

CVE-2024-13656

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations