CVE-2024-12295: BoomBox Theme Extensions <= 1.8.0 - Authenticated (Subscriber+) Privilege Escalation via Password Reset/Account Takeover in boombox_ajax_reset_pass...

8.8 CVSS

Description

The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.8.0. This is due to the plugin not properly validating a user's identity prior to updating their password through the 'boombox_ajax_reset_password' function. This makes it possible for authenticated attackers, with subscriber-level privileges and above, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

Classification

CVE ID: CVE-2024-12295

CVSS Base Severity: HIGH

CVSS Base Score: 8.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-640 Weak Password Recovery Mechanism for Forgotten Password

Affected Products

Vendor: PX-lab

Product: BoomBox Theme Extensions

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.59% (scored less or equal to compared to others)

EPSS Date: 2025-04-17 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-12295
https://www.wordfence.com/threat-intel/vulnerabilities/id/c453aaf6-767d-4929-bbb3-3c0b78b0507a?source=cve
https://themeforest.net/item/boombox-viral-buzz-wordpress-theme/16596434

Timeline

2025-03-19 05:40:18 UTC
CVE

BoomBox Theme Extensions <= 1.8.0 - Authenticated (Subscriber+) Privilege Escalation via Password Reset/Account Takeover in boombox_ajax_reset_pass...