CVE-2024-10578P2HIGHCVSS 8.8≤ 1.0.72024-12-06
CVE-2024-10578 [HIGH] CWE-434 CVE-2024-10578: The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a
The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins t
nvd