What the vulnerability does
01Description
Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.8.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
What the vulnerability does
Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.8.
Explanation of Vulnerability in Simple Terms
XStore Core versions up to 5.3.8 lack proper authorization checks, allowing authenticated users to modify or delete site data without permission. An attacker with a low-privilege account can change settings, content, or configurations that should be restricted to administrators. This affects the integrity and availability of the site.
What an attacker can do
Modify or delete site data and settings that should be restricted to administrators.
Potential impact on your site
Unauthorized users can alter critical site content, settings, or functionality, potentially disrupting operations.
Conditions required to exploit
Attacker must have a valid low-privilege user account on the site.
Key dates
External resources
Related vulnerabilities