GHSA-xv9x-q8hf-frgh
GitHub Security Advisory
⚠ Unreviewed
HIGH
Has CVE
Advisory Details
The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins which can contain other exploitable vulnerabilities to elevate privileges and gain remote code execution.
Related CVEs
Key Information
7.5
/10
Dataset
Last updated: November 24, 2025 6:29 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.