CVE-2024-33686

MEDIUM

Extend Themes Pathway <= 1.0.15 - Missing Authorization

Title source: llm
STIX 2.1

Description

Missing Authorization vulnerability in Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Vertice.This issue affects Pathway: from n/a through 1.0.15; Hugo WP: from n/a through 1.0.8; Althea WP: from n/a through 1.0.13; Elevate WP: from n/a through 1.0.15; Brite: from n/a through 1.0.11; Colibri WP: from n/a through 1.0.94; Vertice: from n/a through 1.0.7.

Scores

CVSS v3 4.3
EPSS 0.0051
EPSS Percentile 39.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (7)
Extend Themes/Althea WP < 1.0.13
Extend Themes/Brite < 1.0.11
Extend Themes/Colibri WP < 1.0.94
Extend Themes/Elevate WP < 1.0.15
Extend Themes/Hugo WP < 1.0.8
Extend Themes/Pathway < 1.0.15
Extend Themes/Vertice < 1.0.7
Published Apr 29, 2024
Tracked Since Feb 18, 2026