{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-28T15:19:34.031","vulnerabilities":[{"cve":{"id":"CVE-2024-12920","sourceIdentifier":"security@wordfence.com","published":"2025-03-19T12:15:12.797","lastModified":"2026-06-17T07:00:45.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save, export_widget_settings, ajax_import_widget_data, foodbakery_var_settings_backup_generate, foodbakery_var_backup_file_restore, and theme_option_rest_all functions in all versions up to, and including, 4.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, update theme options, export widget options, import widget options, generate backups, restore backups, and reset theme options."},{"lang":"es","value":"El tema FoodBakery | Delivery Restaurant Directory WordPress Theme para WordPress es vulnerable al acceso y la modificación no autorizados de datos debido a la falta de comprobación de las funciones foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save, export_widget_settings, ajax_import_widget_data, foodbakery_var_settings_backup_generate, foodbakery_var_backup_file_restore y theme_option_rest_all en todas las versiones hasta la 4.7 incluida. Esto permite a atacantes autenticados, con acceso de suscriptor o superior, eliminar archivos arbitrarios, actualizar las opciones del tema, exportar las opciones del widget, importar las opciones del widget, generar copias de seguridad, restaurarlas y restablecer las opciones del tema."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"Chimpstudio","product":"FoodBakery | Delivery Restaurant Directory WordPress Theme","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-19T13:33:11.880198Z","id":"CVE-2024-12920","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://themeforest.net/item/food-bakery-restaurant-bakery-responsive-wordpress-theme/18970331","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9af8267f-48b1-4537-8985-6af1245ceed5?source=cve","source":"security@wordfence.com"}]}}]}