Px-Lab Boombox Theme Extensions vulnerabilities
2 known vulnerabilities affecting px-lab/boombox_theme_extensions.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2
Vulnerabilities
CVE-2024-12295 | P2 | HIGH | CVSS 8.8 | CWE-640 | ≤ 1.8.0 | 2025-03-19
The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.8.0. This is due to the plugin not properly validating a user's identity prior to updating their password through the 'boombox_ajax_reset_password' function. This makes it possible for authenticated attack
nvd
CVE-2024-12859 | P3 | HIGH | CVSS 8.8 | CWE-98 | ≤ 1.8.0 | 2025-02-03
The BoomBox Theme Extensions plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.8.0 via the 'boombox_listing' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the exe
nvd