CVE-2024-33686
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Missing Authorization vulnerability in Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Vertice.This issue affects Pathway: from n/a through 1.0.15; Hugo WP: from n/a through 1.0.8; Althea WP: from n/a through 1.0.13; Elevate WP: from n/a through 1.0.15; Brite: from n/a through 1.0.11; Colibri WP: from n/a through 1.0.94; Vertice: from n/a through 1.0.7.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Extend Themes | Pathway | n/a <= 1.0.15 | affected |
| Extend Themes | Hugo WP | n/a <= 1.0.8 | affected |
| Extend Themes | Althea WP | n/a <= 1.0.13 | affected |
| Extend Themes | Elevate WP | n/a <= 1.0.15 | affected |
| Extend Themes | Brite | n/a <= 1.0.11 | affected |
| Extend Themes | Colibri WP | n/a <= 1.0.94 | affected |
| Extend Themes | Vertice | n/a <= 1.0.7 | affected |
Weaknesses
- CWE-862: CWE-862 Missing Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://patchstack.com/database/vulnerability/pathway/wordpress-pathway-theme-1-0-15-cross-site-request-forgery-csrf-vulnerability
- https://patchstack.com/database/vulnerability/hugo-wp/wordpress-hugo-wp-theme-1-0-8-broken-access-control-vulnerability
- https://patchstack.com/database/vulnerability/althea-wp/wordpress-althea-wp-theme-1-0-13-broken-access-control-vulnerability
- https://patchstack.com/database/vulnerability/elevate-wp/wordpress-elevate-wp-theme-1-0-15-broken-access-control-vulnerability
- https://patchstack.com/database/vulnerability/brite/wordpress-brite-theme-1-0-11-broken-access-control-vulnerability
- https://patchstack.com/database/vulnerability/colibri-wp/wordpress-colibri-wp-theme-1-0-94-broken-access-control-vulnerability
- https://patchstack.com/database/vulnerability/vertice/wordpress-vertice-theme-1-0-7-broken-access-control-vulnerability
References
- https://patchstack.com/database/vulnerability/pathway/wordpress-pathway-theme-1-0-15-cross-site-request-forgery-csrf-vulnerability
- https://patchstack.com/database/vulnerability/hugo-wp/wordpress-hugo-wp-theme-1-0-8-broken-access-control-vulnerability
- https://patchstack.com/database/vulnerability/althea-wp/wordpress-althea-wp-theme-1-0-13-broken-access-control-vulnerability
- https://patchstack.com/database/vulnerability/elevate-wp/wordpress-elevate-wp-theme-1-0-15-broken-access-control-vulnerability
- https://patchstack.com/database/vulnerability/brite/wordpress-brite-theme-1-0-11-broken-access-control-vulnerability
- https://patchstack.com/database/vulnerability/colibri-wp/wordpress-colibri-wp-theme-1-0-94-broken-access-control-vulnerability
- https://patchstack.com/database/vulnerability/vertice/wordpress-vertice-theme-1-0-7-broken-access-control-vulnerability
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.