What the vulnerability does
01Description
Missing Authorization vulnerability in ThemeNectar Salient salient.This issue affects Salient: from n/a through < 17.4.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
Missing Authorization vulnerability in ThemeNectar Salient salient.This issue affects Salient: from n/a through < 17.4.0.
Explanation of Vulnerability in Simple Terms
Salient theme versions up to 17.4.0 lack proper authorization checks on certain administrative functions. A logged-in user with low privileges can modify content or settings they should not have access to. The vulnerability requires an active user account but no special interaction from the victim. Update to a version newer than 17.4.0 to resolve this issue.
What an attacker can do
Modify site content or settings without proper authorization as a low-privilege user.
Potential impact on your site
Unauthorized users can alter site content, settings, or data depending on which functions lack authorization checks.
Conditions required to exploit
Attacker must have a valid user account with low privileges on the site.
Key dates
External resources