CVE-2024-13654

Name of the Vulnerable Software and Affected Versions The ZoxPress - The All-In-One WordPress News Theme versions up to, and including, 2.12.0

Description The issue is related to unauthorized modification of data, which can lead to a denial of service. This is due to a missing capability check on the reset options function. Authenticated attackers with Subscriber-level access and above can delete arbitrary option values on the WordPress site, potentially creating an error that denies service to legitimate users.

Recommendations For versions up to, and including, 2.12.0, consider disabling the reset options function until a patch is available to prevent unauthorized modification of data. Restrict access to the theme's options to minimize the risk of exploitation. Avoid using the theme with Subscriber-level access and above until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.