CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Apr 2024 — Missing Authorization vulnerability in Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Vertice. This issue affects Pathway: from n/a through 1.0.15; Hugo WP: from n/a through 1.0.8; Althea WP: from n/a through 1.0.13; Elevate WP: from n/a through 1.0.15; Brite: from n/a through 1.0.11; Colibri WP: from n/a through 1.0.94; Vertice: from n/a through 1.0.7. • https://patchstack.com/database/vulnerability/althea-wp/wordpress-althea-wp-theme-1-0-13-broken-access-control-vulnerability • CWE-862: Missing Authorization

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Feb 2024 — The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwp_install_plugin() function. This makes it possible for unauthenticated attackers to install recommended plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://themes.trac.wordpress.org/changeset/218308/colibri-wp/1.0.101/inc/src/PluginsManager.php • CWE-352: Cross-Site Request Forgery (CSRF)