Filtered by vendor Blazethemes
Subscriptions
Filtered by product Pubnews
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10578 | 1 Blazethemes | 1 Pubnews | 2024-12-06 | 8.8 High |
| The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins that can be leveraged to exploit other vulnerabilities. | ||||
Page 1 of 1.