PT-2025-10060 · WordPress · The Golo - City Travel Guide Wordpress Theme

Lucio Sá

·

Published

2025-03-07

·

Updated

2025-03-08

·

CVE-2024-12876

CVSS v3.1

9.8

Critical

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

The Golo - City Travel Guide WordPress Theme versions up to, and including, 1.6.10

Description

The issue allows for privilege escalation via account takeover due to improper validation of a user's identity prior to updating their password. This enables unauthenticated attackers to change arbitrary users' passwords, including administrators, and gain access to their accounts.

Recommendations

For versions up to, and including, 1.6.10, update to a version that properly validates user identity before allowing password updates. As a temporary workaround, consider restricting access to password update functionality to prevent unauthorized changes.
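As an added illustration (not the Golo theme's code, which this page does not show), the two handler shapes the description and recommendation contrast: a WordPress AJAX password-update action that trusts a caller-supplied user id and is reachable without authentication, beside one that verifies a nonce, requires the current password, and only ever changes the authenticated caller's own account. All hook names, function names and request field names are assumptions made for this example.

```php
<?php
// Added example, not code from the Golo theme. Hook names, function names
// and request fields are assumptions for illustration only.

// VULNERABLE PATTERN: registered for unauthenticated callers (wp_ajax_nopriv_*)
// and trusts the user id sent in the request, so any caller can set any
// account's password. This is the class of defect the advisory describes.
add_action( 'wp_ajax_nopriv_example_update_password', 'example_update_password_vulnerable' );
add_action( 'wp_ajax_example_update_password', 'example_update_password_vulnerable' );
function example_update_password_vulnerable() {
    $user_id  = intval( $_POST['user_id'] );      // caller controlled
    $password = (string) $_POST['new_password'];
    wp_set_password( $password, $user_id );       // no identity check at all
    wp_send_json_success();
}

// HARDENED VERSION: authenticated callers only (no wp_ajax_nopriv_ hook),
// nonce check, current-password check, and the target account is taken from
// the session, never from the request body.
add_action( 'wp_ajax_example_update_password_safe', 'example_update_password_safe' );
function example_update_password_safe() {
    // Reject requests without a valid nonce bound to this action (CSRF guard).
    check_ajax_referer( 'example_update_password_safe', 'nonce' );

    $user_id = get_current_user_id();
    if ( 0 === $user_id ) {
        wp_send_json_error( 'Authentication required.', 401 );
    }

    // Prove identity again: the caller must know the current password.
    $user    = wp_get_current_user();
    $current = isset( $_POST['current_password'] ) ? (string) $_POST['current_password'] : '';
    if ( ! wp_check_password( $current, $user->user_pass, $user_id ) ) {
        wp_send_json_error( 'Current password incorrect.', 403 );
    }

    $new_password = isset( $_POST['new_password'] ) ? (string) $_POST['new_password'] : '';
    if ( strlen( $new_password ) < 12 ) {
        wp_send_json_error( 'Password too short.', 400 );
    }

    // Any user_id in the request is ignored; only the session's user changes.
    wp_set_password( $new_password, $user_id );
    wp_send_json_success();
}
```

The same identity check applies to any password-reset flow exposed through a theme or plugin: the account being changed must be derived from the authenticated session or a verified reset token, never from a request parameter.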

Fix

LPE

Missing Authorization


Weakness Enumeration

Related Identifiers

CVE-2024-12876

Affected Products

The Golo - City Travel Guide Wordpress Theme