Refine your search

1 vulnerability found for Networker - Tech News WordPress Theme with Dark Mode by codesupplyco

CVE-2024-2962 (GCVE-0-2024-2962)
Vulnerability from cvelistv5
Published
2024-03-27 08:31
Modified
2026-04-08 16:38
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE
Summary
The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to modify the location of display menus.
References
Impacted products
Vendor Product Version
codesupplyco Networker - Tech News WordPress Theme with Dark Mode Version: 0    1.1.9
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:32:42.348Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c2b9858-eb0c-42bd-bc32-c58c0f809fc8?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gist.github.com/Xib3rR4dAr/f5f5d07263fdac28b6e9ba2f6c4e4523"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gist.github.com/Xib3rR4dAr/ab293092ffcfe3c14a3c7daf5462a50b"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:codesupplyco:networker_technews_wordpress_theme_with_dark_mode:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "networker_technews_wordpress_theme_with_dark_mode",
            "vendor": "codesupplyco",
            "versions": [
              {
                "lessThanOrEqual": "1.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2962",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-02T15:34:53.410862Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:37:52.379Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Networker - Tech News WordPress Theme with Dark Mode",
          "vendor": "codesupplyco",
          "versions": [
            {
              "lessThanOrEqual": "1.1.9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Muhammad Zeeshan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to modify the location of display menus."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:38:27.270Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c2b9858-eb0c-42bd-bc32-c58c0f809fc8?source=cve"
        },
        {
          "url": "https://gist.github.com/Xib3rR4dAr/f5f5d07263fdac28b6e9ba2f6c4e4523"
        },
        {
          "url": "https://gist.github.com/Xib3rR4dAr/ab293092ffcfe3c14a3c7daf5462a50b"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-03-26T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Networker - Tech News WordPress Theme with Dark Mode \u003c= 1.1.9 - Missing Authorization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-2962",
    "datePublished": "2024-03-27T08:31:14.428Z",
    "dateReserved": "2024-03-26T19:41:49.577Z",
    "dateUpdated": "2026-04-08T16:38:27.270Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}