CVE-2024-10673
Published: 2024-11-09
Priority P261, high, CVSS 3.1 score 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.15% (62.8th percentile)
The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins which can contain other exploitable vulnerabilities to elevate privileges and gain remote code execution.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| themehunk | top_store | <= 1.5.4 | — |
Suricata: GPL SQL sa brute force failed login unicode attempt
suricata · 2010-09-23 · CVE-2000-1209
Rule: alert tcp $SQL_SERVERS 1433 -> $EXTERNAL_NET any (msg:"GPL SQL sa brute force failed login unicode attempt"; flow:established,to_client; content:"L|00|o|00|g|00|i|00|n|00| |00|f|00|a|00|i|00|l|00|e|00|d|00| |00|f|00|o|00|r|00| |00|u|00|s|00|e|00|r|00| |00|'|00|s|00|a|00|'|00|"; threshold:type threshold, track by_src, count 5, seconds 2; reference:bugtraq,4797; reference:cve,2000-1209; reference:nessus,10673; classtype:unsuccessful-user; sid:2103273; rev:5; metadata:created_at 2010_09_23, cve CVE_2000_1209, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Suricata: GPL SQL sa brute force failed login attempt
suricata · 2010-09-23 · CVE-2000-1209
Rule: alert tcp $SQL_SERVERS 1433 -> $EXTERNAL_NET any (msg:"GPL SQL sa brute force failed login attempt"; flow:established,to_client; content:"Login failed for user 'sa'"; threshold:type threshold, track by_src, count 5, seconds 2; reference:bugtraq,4797; reference:cve,2000-1209; reference:nessus,10673; classtype:unsuccessful-user; sid:2103152; rev:5; metadata:created_at 2010_09_23, cve CVE_2000_1209, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Suricata: GPL SQL sa login failed
suricata · 2010-09-23 · CVE-2000-1209
Rule: alert tcp $SQL_SERVERS 1433 -> $EXTERNAL_NET any (msg:"GPL SQL sa login failed"; flow:established,to_client; content:"Login failed for user 'sa'"; reference:bugtraq,4797; reference:cve,2000-1209; reference:nessus,10673; classtype:unsuccessful-user; sid:2100688; rev:12; metadata:created_at 2010_09_23, cve CVE_2000_1209, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
No public exploits indexed.
No writeups or analysis indexed.