Impact
The Big Store WordPress theme has a missing authorization flaw that allows attackers to access restricted functionality. This is a Broken Access Control issue (CWE-862) that could let an unauthorized user bypass role checks and retrieve or modify privileged content through the theme's web interface. The official CVSS score of 4.3 indicates moderate severity, and the EPSS score of less than 1% suggests a low current probability of exploitation.
Affected Systems
Themehunk Big Store, a WordPress theme, is affected by this flaw. All versions from the product's inception up to and including 2.0.8 are vulnerable. Users running any of these versions on a publicly accessible WordPress installation should consider themselves impacted.
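A version check for the affected range above, as an added example that is not part of the original advisory or the theme's code: it reads the header comment of a theme's `style.css` and classifies the install against "up to and including 2.0.8". The sample header is constructed, and the `Theme Name` value and the `big-store` directory name are assumptions.

```python
import re
import sys

LAST_AFFECTED = (2, 0, 8)  # advisory: versions up to and including 2.0.8

# Constructed sample header; the "Theme Name" value is an assumption.
SAMPLE_HEADER = """/*
Theme Name: Big Store
Theme URI: https://example.invalid/big-store
Version: 2.0.8
*/"""

def parse_theme_header(css_text):
    """Return {field: value} from the header comment of a theme's style.css."""
    m = re.search(r"/\*(.*?)\*/", css_text, re.DOTALL)
    fields = {}
    for line in (m.group(1) if m else css_text).splitlines():
        fm = re.match(r"[\s*]*([A-Za-z ]+?)\s*:\s*(.+?)\s*$", line)
        if fm:
            fields.setdefault(fm.group(1).strip().lower(), fm.group(2))
    return fields

def version_tuple(version):
    """'2.0.8' -> (2, 0, 8); '2.1' -> (2, 1, 0); None if no digits found."""
    nums = [int(p) for p in re.findall(r"\d+", version.split("-")[0])[:3]]
    return tuple(nums + [0] * (3 - len(nums))) if nums else None

def check_theme(css_text):
    """Classify a style.css against the advisory's affected range."""
    fields = parse_theme_header(css_text)
    if "big store" not in fields.get("theme name", "").lower():
        return "other-theme"
    v = version_tuple(fields.get("version", ""))
    if v is None:
        return "unknown-version"  # header has no usable Version: review manually
    return "affected" if v <= LAST_AFFECTED else "outside-affected-range"

if __name__ == "__main__":
    # Usage: python check_big_store.py wp-content/themes/big-store/style.css
    # (the big-store directory name is an assumption)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(check_theme(fh.read()))
    else:
        print(check_theme(SAMPLE_HEADER))
```

A result of `outside-affected-range` only means the version is above 2.0.8; the advisory does not name a fixed release.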
Risk and Exploitability
The risk level is moderate based on the reported CVSS rating, and the low EPSS score indicates that widespread exploitation is presently unlikely. However, the vulnerability can be leveraged by individuals who obtain authenticated access to the WordPress admin console or who can tamper with the theme's configuration files, potentially allowing them to read or modify protected data. The issue is not listed in CISA's KEV catalog, and no known public exploits have been documented at this time.