2025-03-05 11:22:09
Wordfence
PUBLISHED
The Sparkling theme for WordPress is vulnerable to unauthorized plugin activation/deactivation due to a missing capability check on the sparkling_activate_plugin and sparkling_deactivate_plugin functions in versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to activate/deactivate arbitrary plugins.