CVE-2024-43998: WordPress
A Missing Authorization vulnerability was discovered in the WebsiteinWP Blogpoet WordPress theme, affecting versions through 1.0.3. The vulnerability was disclosed on November 1, 2024, and received a CVSS v3.1 base score of 9.8 (CRITICAL) from NIST NVD, while Patchstack assigned it a CVSS score of 6.5 (MEDIUM) (NVD, Patchstack).
The vulnerability is classified as CWE-862 (Missing Authorization) and involves functionality not properly constrained by Access Control Lists (ACLs). The issue allows unauthenticated users to access functionality that should be restricted. The vulnerability was discovered by Fariq Fadillah Gusti Insani and reported on August 6, 2024 (Patchstack).
This broken access control vulnerability could allow unprivileged users to execute certain higher privileged actions. The severity of the vulnerability is reflected in its CVSS v3.1 scores, with NIST rating it as Critical (9.8), indicating potential for high impact on confidentiality, integrity, and availability (NVD).
Users are advised to update to Blogpoet version 1.0.4 or later to resolve the vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to a fixed version (Patchstack).
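To find installs still on an affected release, the following added example (not code from NVD, Patchstack or the theme's authors) scans a `wp-content/themes` directory for Blogpoet copies older than 1.0.4 and for child themes that load them. It assumes the theme's `style.css` header reads `Theme Name: Blogpoet`; the function names and the sample tree are constructed for illustration.

```python
import re
from pathlib import Path

FIXED = (1, 0, 4)        # first fixed release per the advisory; <= 1.0.3 is affected
THEME_NAME = "blogpoet"  # assumption: the style.css "Theme Name" header reads "Blogpoet"
HEADER = re.compile(r"^[ \t/*#@]*(Theme Name|Version|Template):(.*)$", re.I | re.M)

def read_header(style_css):
    """Return the first Theme Name / Version / Template values from a style.css."""
    text = Path(style_css).read_text(encoding="utf-8", errors="replace")[:8192]
    fields = {}
    for key, value in HEADER.findall(text):
        fields.setdefault(key.lower(), value.strip())
    return fields

def parse_version(raw):
    """'1.0.3' -> (1, 0, 3); returns None when no digits are present."""
    nums = [int(n) for n in re.findall(r"\d+", raw)][:3]
    return tuple(nums + [0] * (3 - len(nums))) if nums else None

def scan(themes_dir):
    """List (directory, version, status) for Blogpoet copies and their child themes."""
    headers = {css.parent.name: read_header(css)
               for css in sorted(Path(themes_dir).glob("*/style.css"))}
    status = {}
    for slug, h in headers.items():
        if h.get("theme name", "").lower() == THEME_NAME:
            ver = parse_version(h.get("version", ""))
            status[slug] = ("unknown" if ver is None
                            else "vulnerable" if ver < FIXED else "fixed")
    findings = [(slug, headers[slug].get("version", ""), st) for slug, st in status.items()]
    for slug, h in headers.items():
        # A child theme names its parent's directory in "Template" and runs its code.
        parent = h.get("template", "")
        if slug not in status and parent in status:
            findings.append((slug, headers[parent].get("version", ""),
                             "child-of-" + status[parent]))
    return findings

def build_sample_tree(root):
    """Constructed sample install: vulnerable parent, a child theme, unrelated theme."""
    samples = {
        "blogpoet": "/*\nTheme Name: Blogpoet\nVersion: 1.0.3\n*/",
        "blogpoet-child": "/*\nTheme Name: My Child\nTemplate: blogpoet\nVersion: 2.0\n*/",
        "other": "/*\nTheme Name: Other\nVersion: 1.0.0\n*/",
    }
    for slug, css in samples.items():
        (Path(root) / slug).mkdir(parents=True, exist_ok=True)
        (Path(root) / slug / "style.css").write_text(css, encoding="utf-8")
```

Point `scan()` at a site's `wp-content/themes` directory; a `vulnerable` or `child-of-vulnerable` row means the parent theme still needs the 1.0.4 update.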