Unauthorized Data Modification in Demo Awesome Plugin for WordPress
CVE-2024-13637

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Demo Awesome
Vendor: CVE Published:; 2 April 2025

What is CVE-2024-13637?

The Demo Awesome plugin for WordPress presents a vulnerability that enables authenticated users, with at least Subscriber-level access, to bypass security checks on the install_plugin function. This flaw allows attackers to install and activate arbitrary plugins, which could lead to unauthorized modifications and potential exploitation of the WordPress site. This issue affects all versions of the plugin up to and including version 1.0.3, highlighting the importance of securing plugin installations.

Affected Version(s)

Demo Awesome * <= 1.0.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/demo-awesome/t...

https://wordpress.org/plugins/demo-awesome/#developers

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2025
Vulnerability Reserved
Jan 22, 2025

Credit

Krzysztof Zając