CVE-2024-10674

Name of the Vulnerable Software and Affected Versions Th Shop Mania versions prior to 1.4.9

Description The Th Shop Mania theme for WordPress has a vulnerability due to a missing capability check on the th shop mania install and activate callback() function. This allows authenticated attackers with Subscriber-level access and above to install arbitrary plugins, which can be leveraged to exploit other vulnerabilities and achieve remote code execution and privilege escalation.

Recommendations For Th Shop Mania versions prior to 1.4.9, update to the latest version to secure your site. As a temporary workaround, consider disabling the th shop mania install and activate callback() function until a patch is available. Restrict access to the notification system to minimize the risk of exploitation. Avoid using the vulnerable function to install plugins until the issue is resolved.