High severity7.5NVD Advisory· Published Mar 19, 2025· Updated Apr 15, 2026
CVE-2024-13412
CVE-2024-13412
Description
The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions.
Affected products
2Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.