CVE-2024-13423: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2024-13423 affects the Sparkling WordPress theme versions 2.4.9 and below. It is characterized as a Missing Authorization vulnerability that allows unauthenticated users to perform arbitrary plugin activation and deactivation actions (Wordfence Intel).

The vulnerability has been assigned a CVSS v3.1 score of 5.3 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. The issue exists in the welcome screen functionality of the theme, specifically in the class-sparkling-welcome.php file, where insufficient authorization checks allow unauthorized users to manipulate plugin states (WordPress Themes).

When exploited, this vulnerability allows unauthenticated attackers to activate or deactivate WordPress plugins at will, potentially disrupting site functionality and creating security gaps through the manipulation of security plugin states (Wordfence Intel).

Users running affected versions of the Sparkling theme should update to a patched version as soon as it becomes available. In the interim, website administrators should consider implementing additional security measures or switching to an alternative theme (Wordfence Intel).