Cross-Site Request Forgery Vulnerability in FameThemes OnePress Theme
CVE-2024-37448

4.3MEDIUM

Key Information:

Vendor
WordPress
Status
Vendor
CVE Published:
2 January 2025

Summary

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the FameThemes OnePress theme, allowing attackers to perform unauthorized actions on behalf of authenticated users. This could lead to security breaches and misuse of user privileges. Affected versions of the OnePress theme range from n/a up to 2.3.6. Users are urged to take precautions to secure their sites against this vulnerability.

Affected Version(s)

OnePress <= 2.3.6

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dhabaleshwar Das (Patchstack Alliance)
.