Missing Authentication in Aruphash Crafthemes Demo Import
CVE-2024-34800
7.6 HIGH
Summary
A critical vulnerability in Aruphash's Crafthemes Demo Import plugin allows unauthorized users to access critical functions because authentication is missing. The issue affects all versions of the plugin up to and including 3.3 and lets malicious actors misuse plugin functionality to perform unauthorized actions on WordPress websites. Users are strongly advised to update to the latest version of the plugin and to follow robust security practices to guard against potential attacks.
Affected Version(s)
Crafthemes Demo Import <= 3.3
CVSS V3.1
Score: 7.6
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Yudistira Arya (Patchstack Alliance)