CVE-2024-2962

MEDIUM

The Networker - Tech News WordPress Theme <1.1.9 - Info Disclosure

Title source: llm
STIX 2.1

Description

The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to modify the location of display menus.

Scores

CVSS v3 5.3
EPSS 0.0050
EPSS Percentile 39.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
codesupplyco/Networker - Tech News WordPress Theme with Dark Mode < 1.1.9
Published Mar 27, 2024
Tracked Since Feb 18, 2026