WordPress Sparkling Theme Missing Capability Check Vulnerability Allows Unauthenticated Plugin Management

Vulnerability

The Sparkling theme for WordPress, in versions through 2.4.9, lacks proper capability checks in its 'sparkling_activate_plugin' and 'sparkling_deactivate_plugin' functions. As a result, unauthenticated users can activate or deactivate any plugin on the site.

Impact

Exploitation of this vulnerability allows for unauthorized activation or deactivation of WordPress plugins, which could lead to a range of issues depending on the functionality of the affected plugins.

Remediation

Update the Sparkling theme to version 2.4.10 or later to address this vulnerability.
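
To confirm which installs still need the update, the following added example (not code from the theme or from this advisory's publisher) reads each theme's style.css header and compares the Sparkling version against 2.4.10. It assumes themes live in directories under wp-content/themes; the function names and the sample header are constructed for illustration.

```python
import re
from pathlib import Path

FIXED = (2, 4, 10)  # first fixed release named in the advisory
# Same line shape WordPress accepts for file headers: optional comment chars, "Key: value".
HEADER_RE = re.compile(r"^[ \t/*#@]*(Theme Name|Version|Template):(.*)$", re.I | re.M)

# Constructed sample header, not copied from the theme.
SAMPLE = "/*\nTheme Name: Sparkling\nVersion: 2.4.9\nText Domain: sparkling\n*/\n"

def parse_theme_header(css_text):
    """Return Theme Name / Version / Template from a style.css header, keys lower-cased."""
    fields = {}
    for key, value in HEADER_RE.findall(css_text[:8192]):  # WordPress reads only the first 8 KB
        fields.setdefault(key.lower(), value.strip().rstrip("*/").strip())
    return fields

def version_tuple(version):
    """'2.4.9' -> (2, 4, 9); a suffix such as '-beta1' is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0]))

def sparkling_status(css_text, slug="sparkling"):
    """Classify one theme from its style.css text and its directory name (slug)."""
    header = parse_theme_header(css_text)
    if header.get("template", "").lower() == "sparkling":
        return "child-of-sparkling"  # runs the parent's code, so the parent's version decides
    if slug != "sparkling" and header.get("theme name", "").lower() != "sparkling":
        return "not-sparkling"
    version = version_tuple(header.get("version", ""))
    if not version:
        return "unknown-version"  # treat as needing manual review
    return "vulnerable" if version < FIXED else "patched"

def audit(themes_dir):
    """Map every theme directory under a wp-content/themes path to its status."""
    return {css.parent.name: sparkling_status(css.read_text(errors="replace"), css.parent.name)
            for css in sorted(Path(themes_dir).glob("*/style.css"))}

if __name__ == "__main__":
    print(sparkling_status(SAMPLE))
```

A site reported as "child-of-sparkling" is only fixed once the parent Sparkling directory on the same install reports "patched".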

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 8.1
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.