Vulnerabilities > CVE-2024-43341 - Missing Authorization vulnerability in Cozythemes Hello Agency

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

cozythemes

CWE-862

critical

NVD

Published: 2024-11-01

Updated: 2024-11-13

Summary

Missing Authorization vulnerability in CozyThemes Hello Agency allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hello Agency: from n/a through 1.0.5.

Vulnerable Configurations

Part	Description	Count
Application	Cozythemes Cozythemes Hello Agency - Cozythemes Hello Agency 1.0.0 Cozythemes Hello Agency 1.0.1 Cozythemes Hello Agency 1.0.2 Cozythemes Hello Agency 1.0.3 Cozythemes Hello Agency 1.0.4 Cozythemes Hello Agency 1.0.5	7

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://patchstack.com/database/vulnerability/hello-agency/wordpress-hello-agency-theme-1-0-5-broken-access-control-vulnerability?_s_id=cve