| CVE编号 | CVE-2024-10326 |
|---|---|
| 发布日期 | 2025-03-08T12:21:31.426Z |
| 更新日期 | 2025-03-11T16:07:02.799Z |
| 状态 | PUBLISHED |
| 受影响的供应商 | rometheme |
| 受影响的产品 | RomethemeKit For Elementor |
| 描述 | The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_options and reset_widgets functions in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings or reset plugin widgets to their default state (all enabled). NOTE: This vulnerability was partially fixed in version 1.5.3. |
参考链接:
