← back
CVE-2024-54369

WordPress Zita Site Builder plugin <= 1.0.2 - Arbitrary Plugin Installation and Activation vulnerability

CVSS 9.1 CRITICALEPSS 1.5%CWE-862
Missing Authorization vulnerability in ThemeHunk Zita Site Builder ai-site-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through <= 1.0.2.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Affected products
ThemeHunk · Zita Site Builder
public PoCs found2
githubgithub.com/RandomRobbieBF/CVE-2024-543690githubgithub.com/Nxploited/CVE-2024-54369-PoC0
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://patchstack.com/database/Wordpress/Plugin/ai-site-builder/vulnerability/wordpress-zita-site-builder-plugin-1-0-2-arbitrary-plugin-installation-and-activation-vulnerability?_s_id=cve