CVE-2024-12781

Name of the Vulnerable Software and Affected Versions Aurum - WordPress & WooCommerce Shopping Theme versions prior to 4.0.3

Description The issue concerns a missing capability check in the lab 1cl demo install package content function, allowing authenticated attackers with Subscriber-level access and above to overwrite content with imported demo content. This enables unauthorized modification of data.

Recommendations For versions prior to 4.0.3, update to version 4.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the lab 1cl demo install package content function to prevent unauthorized data modification.