Unauthorized Data Modification in ZoxPress WordPress Theme
CVE-2024-13654
8.1HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 12 February 2025
What is CVE-2024-13654?
The ZoxPress theme for WordPress is susceptible to unauthorized modification of data due to a missing capability check on the 'reset_options' function. This vulnerability affects all versions up to and including 2.12.0, enabling authenticated attackers with Subscriber-level access or higher to delete arbitrary option values. Such actions can create errors on the site, potentially leading to a denial of service, making it imperative for users to update and secure their installations.
Affected Version(s)
ZoxPress - The All-In-One WordPress News Theme * <= 2.12.0