CVE-2024-2962
MEDIUMThe Networker - Tech News WordPress Theme <1.1.9 - Info Disclosure
Title source: llmDescription
The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to modify the location of display menus.
References (3)
Core 3
Core References
Scores
CVSS v3
5.3
EPSS
0.0050
EPSS Percentile
39.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (1)
codesupplyco/Networker - Tech News WordPress Theme with Dark Mode
< 1.1.9
Published
Mar 27, 2024
Tracked Since
Feb 18, 2026