Description
Missing Authorization vulnerability in themearile Consultstreet consultstreet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Consultstreet: from n/a through <= 3.0.0.
Published: 2025-09-05
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the Consultstreet WordPress theme that allows attackers to bypass the theme’s access control mechanisms. Because the theme fails to verify that a user has the correct permissions before performing privileged actions, an attacker could manipulate or delete content, change theme settings, or execute arbitrary code within the WordPress environment. The weakness maps to CWE‑862, indicating that role‑based access control checks are insufficient or absent.

Affected Systems

Any WordPress site that uses the Consultstreet theme from themearile with a version equal to or lower than 3.0.0 is affected. This includes all installations where that theme is active, regardless of the WordPress version. The issue is present throughout the theme’s code base, making every instance of the theme vulnerable until an updated version is applied.

Risk and Exploitability

The CVSS score of 4.3 reflects moderate severity, with correspondingly moderate impact if the vulnerability is exploited. The EPSS score of less than 1% suggests a low likelihood of exploitation in the wild at the time of this analysis, and the vulnerability is not listed in CISA’s KEV catalog. Because the flaw arises from an incorrect configuration of the theme’s security levels, the most likely attack vector would involve an attacker who can authenticate to the WordPress backend or who can otherwise exploit insufficiently protected admin interfaces; however, no public exploit has been reported.

Generated by OpenCVE AI on April 30, 2026 at 02:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Consultstreet theme to a version newer than 3.0.0 or replace it with an alternative theme that is known to enforce proper access control.
  • Enforce strict role‐based permissions in WordPress, ensuring that only users with the required capabilities can reach theme‑specific admin screens—use a reputable security plugin to audit and enforce these checks.
  • Review any custom integrations the theme provides for residual privileged operations and apply the principle of least privilege to those functions, disabling or securing sections that perform actions without a proper capability check.

Advisories
Source: EUVD
ID: EUVD-2025-26964
Title: Missing Authorization vulnerability in ThemeArile Consultstreet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Consultstreet: from n/a through 3.0.0.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Missing Authorization vulnerability in ThemeArile Consultstreet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Consultstreet: from n/a through 3.0.0.
  Values Added: Missing Authorization vulnerability in themearile Consultstreet consultstreet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Consultstreet: from n/a through <= 3.0.0.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Sun, 07 Sep 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Fri, 05 Sep 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 05 Sep 2025 14:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in ThemeArile Consultstreet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Consultstreet: from n/a through 3.0.0.
Title WordPress Consultstreet Theme <= 3.0.0 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-13T00:16:36.917Z

Reserved: 2025-09-05T10:49:25.892Z

Link: CVE-2025-58813

Vulnrichment

Updated: 2025-09-05T19:25:15.175Z

NVD

Status: Deferred

Published: 2025-09-05T14:15:52.110

Modified: 2026-04-23T15:33:41.080

Link: CVE-2025-58813

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T02:45:16Z

Weaknesses