CozyStay WordPress Theme Missing Authorization Vulnerability in ajax_handler Function

Vulnerability

A vulnerability exists in the CozyStay theme for WordPress, in all versions through 1.7.0, allowing unauthorized data modification. This issue arises from a lack of capability checks in the ajax_handler function, enabling unauthenticated attackers to perform arbitrary actions.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of actions, potentially allowing attackers to modify data or settings without proper authorization.

Remediation

Users are advised to update the CozyStay WordPress theme to version 1.7.1 or a newer patched version.
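To confirm which installs still need the update, the following added example (not part of the original advisory or of the theme's code) reads each theme's style.css headers and flags CozyStay copies below 1.7.1. It assumes the theme's "Theme Name" header reads "CozyStay"; the sample directory it audits is constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (1, 7, 1)        # first patched release named in the advisory
THEME_NAME = "cozystay"  # assumption: value of the theme's "Theme Name" header
# Header lines in style.css look like " * Version: 1.7.0"
HEADER_RE = re.compile(r"^[ \t/*#@]*(Theme Name|Version):(.*)$", re.I | re.M)

def read_headers(style_css: Path) -> dict:
    """Return the Theme Name and Version headers of one style.css."""
    # WordPress only reads the first 8 KB when looking for headers.
    head = style_css.read_bytes()[:8192].decode("utf-8", "replace")
    headers = {}
    for key, value in HEADER_RE.findall(head):
        headers.setdefault(key.lower(), value.strip(" \t*/\r"))
    return headers

def parse_version(text: str) -> tuple:
    """'1.7' -> (1, 7, 0). Compared numerically so 1.10 sorts above 1.7.1."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def audit(themes_dir: Path) -> list:
    """Return (directory, version, status) for each CozyStay copy found."""
    findings = []
    for css in sorted(Path(themes_dir).glob("*/style.css")):
        h = read_headers(css)
        if h.get("theme name", "").lower() != THEME_NAME:
            continue
        version = h.get("version", "")
        if not re.search(r"\d", version):
            status = "unknown"  # no usable Version header: inspect by hand
        else:
            status = "patched" if parse_version(version) >= FIXED else "vulnerable"
        findings.append((css.parent.name, version, status))
    return findings

def demo() -> list:
    """Run the audit over a constructed themes directory."""
    samples = {"cozystay": "Theme Name: CozyStay\r\n Version: 1.7.0",
               "cozystay-staging": "Theme Name: CozyStay\n Version: 1.10",
               "cozystay-copy": "Theme Name: CozyStay",
               "other": "Theme Name: Other\n Version: 1.0"}
    with tempfile.TemporaryDirectory() as tmp:
        for folder, hdr in samples.items():
            (Path(tmp) / folder).mkdir()
            (Path(tmp) / folder / "style.css").write_text(f"/*\n {hdr}\n*/\n")
        return audit(Path(tmp))
```

On a real site, pass the wp-content/themes directory to audit(); inactive copies count too, so every directory is scanned rather than only the active theme.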

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.