What the vulnerability does
01Description
Missing Authorization vulnerability in themezaa Litho Addons litho-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Litho Addons: from n/a through <= 3.5.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
What the vulnerability does
Missing Authorization vulnerability in themezaa Litho Addons litho-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Litho Addons: from n/a through <= 3.5.
Explanation of Vulnerability in Simple Terms
Litho Addons versions 3.5 and earlier lack proper authorization checks, allowing authenticated users to modify or disable site functionality. An attacker with low-level access can alter settings or disable features without proper permission validation. This affects data integrity and site availability for administrators relying on access controls.
What an attacker can do
Modify or disable site features and settings without proper authorization.
Potential impact on your site
Unauthorized users can alter plugin settings or disable functionality, compromising site integrity and availability.
Conditions required to exploit
Attacker must have a low-level user account on the site.
Key dates
External resources