Unauthorized Data Access in SocialV Theme for WordPress
CVE-2024-13529

6.5MEDIUM

Key Information:

Vendor: Iqonicdesign
Status: Socialv - Social Network And Community Buddypress Theme
Vendor: CVE Published:; 4 February 2025

Summary

The SocialV - Social Network and Community BuddyPress Theme for WordPress is susceptible to unauthorized data access due to a lack of capability checks in the 'socialv_send_download_file' function. This flaw allows authenticated users with Subscriber-level access or higher to download arbitrary files from the system. As a result, sensitive information could be exposed to attackers exploiting this vulnerability, emphasizing the need for prompt security measures and updates.

Affected Version(s)

SocialV - Social Network and Community BuddyPress Theme * <= 2.0.15

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://assets.iqonic.design/documentation/wordpress/soci...

https://themeforest.net/item/socialv-community-buddypress...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Jan 18, 2025

Credit

Lucio Sá