PT-2025-9813 · Unknown · The Zass - Woocommerce Theme

Lucio Sá

Published

2025-03-05

Updated

2025-03-06

CVE-2024-13810

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions The Zass - WooCommerce Theme for Handmade Artists and Artisans versions up to, and including, 3.9.9.10

Description The issue allows authenticated attackers with Subscriber-level access and above to import demo content and overwrite the site due to a missing capability check on the 'zass import zass' AJAX actions.

Recommendations For versions up to, and including, 3.9.9.10, consider disabling the zass import zass AJAX action until a patch is available to prevent unauthorized access and potential site overwrite.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2024-13810

Affected Products

The Zass - Woocommerce Theme

PT-2025-9813 · Unknown · The Zass - Woocommerce Theme

CVE-2024-13810

Weakness Enumeration

Related Identifiers

Affected Products

References · 6