Missing Authentication in Aruphash Crafthemes Demo Import
CVE-2024-34800

7.6HIGH

Key Information:

Vendor: WordPress
Status: Crafthemes Demo Import
Vendor: CVE Published:; 10 June 2024

What is CVE-2024-34800?

A critical vulnerability in Aruphash's Crafthemes Demo Import plugin allows unauthorized users to access critical functions due to missing authentication mechanisms. This issue affects all versions of the plugin up to 3.3 and poses a significant risk of functionality misuse, enabling malicious actors to exploit this flaw to perform unauthorized actions on WordPress websites. Users are strongly advised to update to the latest version of the plugin and implement robust security practices to safeguard against potential attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Crafthemes Demo Import <= 3.3

References

https://patchstack.com/database/vulnerability/crafthemes-...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 10, 2024
Vulnerability Reserved
May 9, 2024

Credit

Yudistira Arya (Patchstack Alliance)

JSON

WordPress