PT-2025-11673 · WordPress · Foodbakery | Delivery Restaurant Directory Wordpress Theme

Lucio Sá · Published 2025-03-19 · Updated 2025-03-24 · CVE-2024-12920

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FoodBakery | Delivery Restaurant Directory WordPress Theme versions up to 4.7

Description

The issue allows unauthorized access and modification of data due to a missing capability check on several functions, including foodbakery var backup file delete, foodbakery widget file delete, theme option save, export widget settings, ajax import widget data, foodbakery var settings backup generate, foodbakery var backup file restore, and theme option rest all. This enables authenticated attackers with Subscriber-level access and above to perform various malicious actions, such as deleting arbitrary files, updating theme options, exporting and importing widget options, generating and restoring backups, and resetting theme options.

Recommendations

For FoodBakery | Delivery Restaurant Directory WordPress Theme versions up to 4.7, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2024-12920

Affected Products: Foodbakery | Delivery Restaurant Directory Wordpress Theme