cbcvebase.
CVE-2024-10124
published 2024-12-12

CVE-2024-10124: The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation…

PriorityP276critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
31.22%
98.0th percentile
The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1.

Affected

1 ranges
VendorProductVersion rangeFixed in
themehunkvayu_blocks_website_builder_for_the_block_editor<= 1.1.1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.