Vulnerabilities and security researches fordemo-awesome demo-awesome

Jun 24, 2024

CVE, Research URL: CVE-2024-37207
Home page URL: Security reports for Demo Awesome
Application: Demo Awesome
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in Theme4Press Demo Awesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Awesome: from n/a through 1.0.2.
Affected versions: max 1.0.3.
Status: vulnerable

CVE, Research URL: CVE-2024-37206
Home page URL: Security reports for Demo Awesome
Application: Demo Awesome
Date: Jul 22, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme4Press Demo Awesome allows Reflected XSS.This issue affects Demo Awesome: from n/a through 1.0.1.
Affected versions: max 1.0.2.
Status: vulnerable

Apr 03, 2025

CVE, Research URL: CVE-2024-13637
Home page URL: Security reports for Demo Awesome
Application: Demo Awesome
Date: Apr 02, 2025
Research Description: The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins..
Affected versions: max 1.0.3.
Status: vulnerable