CVE-2024-2848 HIGH

CVE-2024-2848: Responsive <= 5.0.2 - Missing Authorization to HTML Injection

Vendor Cyberchimps

Product Responsive

Weakness CWE-862 · Missing authorization

Published March 29, 2024

Last update April 8, 2026

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_footer_text_callback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary HTML content into the site's footer.

Key dates

02Disclosure timeline

March 29, 2024 CVE published

April 8, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-2848 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2025-49287 WordPress Product Feed for WooCommerce plugin <= 2.2.8 - Broken Access Control Vulnerability CVE-2025-58824 WordPress Shk Corporate Theme <= 2.4.1.1 - Broken Access Control Vulnerability CVE-2026-25415 WordPress WPBookit Pro plugin <= 1.6.18 - Broken Access Control vulnerability CVE-2025-12498 EventPrime – Events Calendar, Bookings and Tickets <= 4.2.0.0 - Missing Authorization to Authenticated (Subscriber+) Booking Note Creation CVE-2025-43805