Medium severity5.3NVD Advisory· Published Mar 5, 2025· Updated Jun 17, 2026
CVE-2024-13423
CVE-2024-13423
Description
The Sparkling theme for WordPress is vulnerable to unauthorized plugin activation/deactivation due to a missing capability check on the 'sparkling_activate_plugin' and 'sparkling_deactivate_plugin' functions in versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to activate/deactivate arbitrary plugins.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=2.4.9+ 1 more
- (no CPE)range: <=2.4.9
- (no CPE)range: <=2.4.9
Patches
Vulnerability mechanics
References
4- themes.trac.wordpress.org/browser/sparkling/2.4.9/inc/welcome-screen/class-sparkling-welcome.phpnvd
- themes.trac.wordpress.org/browser/sparkling/2.4.9/inc/welcome-screen/class-sparkling-welcome.phpnvd
- themes.trac.wordpress.org/changeset/266657/nvd
- www.wordfence.com/threat-intel/vulnerabilities/id/1fa8dba0-0227-428d-a6de-c4247c40e481nvd
News mentions
0No linked articles in our index yet.