PT-2025-9813 · Unknown · The Zass - Woocommerce Theme

Lucio Sá

·

Publicado

2025-03-05

·

Atualizado

2025-03-06

·

CVE-2024-13810

CVSS v3.1

4.3

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions The Zass - WooCommerce Theme for Handmade Artists and Artisans versions up to, and including, 3.9.9.10
Description The issue allows authenticated attackers with Subscriber-level access and above to import demo content and overwrite the site due to a missing capability check on the 'zass import zass' AJAX actions.
Recommendations For versions up to, and including, 3.9.9.10, consider disabling the zass import zass AJAX action until a patch is available to prevent unauthorized access and potential site overwrite.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

CVE-2024-13810

Produtos afetados

The Zass - Woocommerce Theme