CVE-2024-13529

Name of the Vulnerable Software and Affected Versions SocialV - Social Network and Community BuddyPress Theme versions up to, and including, 2.0.15

Description The issue is related to unauthorized access of data due to a missing capability check on the socialv send download file function. This allows authenticated attackers, with Subscriber-level access and above, to download arbitrary files from the target system.

Recommendations For versions up to, and including, 2.0.15, consider disabling the socialv send download file function until a patch is available to prevent unauthorized access to data. Restrict access to sensitive files and directories to minimize the risk of exploitation. Update to a version that includes a fix for the missing capability check in the socialv send download file function as soon as it becomes available.