CVE-2024-13656

Name of the Vulnerable Software and Affected Versions The Click Mag - Viral WordPress News Magazine/Blog Theme theme for WordPress version 3.6.0 and earlier

Description The issue is related to a missing capability check on the propanel of ajax callback() function, which allows authenticated attackers with subscriber-level access and above to delete arbitrary option values on the WordPress site. This can lead to a denial of service by creating an error on the site and denying service to legitimate users.

Recommendations For versions 3.6.0 and earlier, update to a version that includes a fix for the missing capability check on the propanel of ajax callback() function. As a temporary workaround, consider restricting access to the propanel of ajax callback() function to prevent unauthorized modification of data.