Description
Missing Authorization vulnerability in themeton Rozario allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rozario: from n/a through 1.4.
Published: 2025-05-16
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Rozario theme contains a missing authorization flaw that enables attackers to bypass access controls. This flaw allows unauthorized users to invoke theme-provided functions or access sections that should be restricted. The associated weakness is CWE-862. The impact is that an attacker could create, modify, or delete content, execute arbitrary actions, or gain elevated privileges within the WordPress site.

Affected Systems

All releases of the Rozario theme version 1.4 and earlier, distributed by themeton, are affected. WordPress sites that use Rozario up to version 1.4 should be considered vulnerable.

Risk and Exploitability

The CVSS score of 5.3 classifies the vulnerability as medium severity, but the EPSS score of less than 1% indicates a low likelihood of current exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is through the WordPress environment, where an attacker can send requests to endpoints handled by Rozario that lack proper authorization checks. No specific prerequisite access level is stated; the flaw allows bypassing authorization checks regardless of the attacker's credential level.

Generated by OpenCVE AI on May 1, 2026 at 08:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Rozario to the latest version (greater than 1.4) as soon as possible.
  • If an immediate upgrade is not feasible, disable or remove the Rozario theme to eliminate the vulnerable code path.
  • Review WordPress role and capability settings to restrict access to theme‑specific functionalities, ensuring that only trusted administrators can use them.



Advisories
Source: EUVD
ID: EUVD-2025-15463
Title: Missing Authorization vulnerability in themeton Rozario allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rozario: from n/a through 1.4.

History

Tue, 28 Apr 2026 19:45:00 +0000


Tue, 28 Apr 2026 18:30:00 +0000

Type: Description
Values Removed: Missing Authorization vulnerability in themeton Rozario rozario allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rozario: from n/a through <= 1.4.
Values Added: Missing Authorization vulnerability in themeton Rozario allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rozario: from n/a through 1.4.

Type: Title
Values Removed: WordPress Rozario theme <= 1.4 - Broken Access Control Vulnerability
Values Added: WordPress Rozario <= 1.4 - Broken Access Control Vulnerability

Type: References

Thu, 23 Apr 2026 15:30:00 +0000


Thu, 23 Apr 2026 15:00:00 +0000

Type: Description
Values Removed: Missing Authorization vulnerability in themeton Rozario allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rozario: from n/a through 1.4.
Values Added: Missing Authorization vulnerability in themeton Rozario rozario allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rozario: from n/a through <= 1.4.

Type: Title
Values Removed: WordPress Rozario <= 1.4 - Broken Access Control Vulnerability
Values Added: WordPress Rozario theme <= 1.4 - Broken Access Control Vulnerability

Type: References

Fri, 16 May 2025 16:15:00 +0000

Type: Metrics
Values Added: ssvc
{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 16 May 2025 16:00:00 +0000

Type: Description
Values Added: Missing Authorization vulnerability in themeton Rozario allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rozario: from n/a through 1.4.

Type: Title
Values Added: WordPress Rozario <= 1.4 - Broken Access Control Vulnerability

Type: Weaknesses
Values Added: CWE-862

Type: References

Type: Metrics
Values Added: cvssV3_1
{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


Subscriptions

Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:04.707Z

Reserved: 2025-03-26T09:25:47.353Z

Link: CVE-2025-31065

Vulnrichment

Updated: 2025-05-16T16:05:50.762Z

NVD

Status: Deferred

Published: 2025-05-16T16:15:36.590

Modified: 2026-04-28T19:30:57.190

Link: CVE-2025-31065

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T08:45:06Z

Weaknesses