CVE-2024-12876

Critical CVSS: 9.8

The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

Vendor

Uxper

Product

Golo

CWE

CWE-862

Yayın Tarihi

2025-03-07 09:15:15

Güncelleme

2025-03-13 17:55:17

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-862 Golo CRITICAL Uxper 2025

Referanslar

https://themeforest.net/item/golo-directory-listing-travel-wordpress-theme/25397810 https://www.wordfence.com/threat-intel/vulnerabilities/id/e6cb81e5-61a4-4b67-a668-d8a7d46b2cea?source=cve

Benzer Kayıtlar

High

CVE-2024-13773

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information…

Critical

CVE-2024-13771

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass…

Medium

CVE-2024-13772

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass…