Description
Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1.
Published: 2025-05-16
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw that allows the exploitation of incorrectly configured access control security levels. Attackers can perform operations that should be restricted, potentially altering or exposing sensitive data. The primary impact is the circumvention of intended privilege limits, which can lead to unauthorized data modification or disclosure.

Affected Systems

WordPress users employing the themeton "The Business" theme with version 1.6.1 or earlier are affected. The issue applies to all releases through 1.6.1.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity, while the EPSS score of less than 1% reflects a very low likelihood of exploitation at present. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is remote, through web requests to the theme’s administrative or exposed pages, and may require a user to be authenticated or rely on misconfigured access controls that allow unauthenticated access. Although the technical barrier is moderate, the potential for privilege escalation warrants attention.

Generated by OpenCVE AI on April 30, 2026 at 19:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the "The Business" theme to version 1.6.2 or later to receive the official fix for the authorization flaw.
  • If upgrading is not immediately possible, limit administrative functionality exposed by the theme by configuring WordPress role permissions to prevent unauthorized users from accessing the protected sections involving the theme.
  • As a temporary containment measure, disable or remove the theme from the live site until a patched version is available.

Generated by OpenCVE AI on April 30, 2026 at 19:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-15467 Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1.
History

Tue, 28 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
References

Tue, 28 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in themeton The Business nrgbusiness allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Business: from n/a through <= 1.6.1. Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1.
Title WordPress The Business theme <= 1.6.1 - Broken Access Control Vulnerability WordPress The Business <= 1.6.1 - Broken Access Control Vulnerability
References

Thu, 23 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
References

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1. Missing Authorization vulnerability in themeton The Business nrgbusiness allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Business: from n/a through <= 1.6.1.
Title WordPress The Business <= 1.6.1 - Broken Access Control Vulnerability WordPress The Business theme <= 1.6.1 - Broken Access Control Vulnerability
References

Fri, 16 May 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 16 May 2025 16:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1.
Title WordPress The Business <= 1.6.1 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:10.717Z

Reserved: 2025-03-31T10:06:31.923Z

Link: CVE-2025-31630

cve-icon Vulnrichment

Updated: 2025-05-16T16:37:12.277Z

cve-icon NVD

Status : Deferred

Published: 2025-05-16T16:15:37.150

Modified: 2026-04-28T19:31:12.637

Link: CVE-2025-31630

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T20:00:14Z

Weaknesses