Impact
The vulnerability is a missing authorization flaw in the KALLYAS WordPress theme that can allow an attacker to bypass intended access controls and perform privileged actions without proper authentication. The weakness is classified as CWE‑862 and could enable users with insufficient privileges to gain access to restricted sections or functionality of a website that uses the affected theme.
Affected Systems
The problem is present in all versions of the KALLYAS theme up to and including 4.22.0. Any WordPress site that has installed or continues to run KALLYAS <= 4.22.0 is impacted. The flaw may affect sites that rely on the theme for layout and content management, potentially exposing administrative pages or backend scripts.
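The following added example (not part of the original advisory or of the theme's code) audits a WordPress tree for KALLYAS copies in the affected range by reading each theme's `style.css` header. It assumes themes live under `wp-content/themes` and that the header's `Version` field reflects the installed theme version; the directory names and version numbers in the demo tree are constructed.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = (4, 22, 0)  # advisory: KALLYAS up to and including 4.22.0
HEADER_RE = re.compile(r"^[ \t/*#@]*(Theme Name|Template|Version):(.*)$", re.I | re.M)

def read_theme_header(style_css: Path) -> dict:
    """Parse header fields from style.css; WordPress itself reads only the first 8 KiB."""
    head = style_css.read_bytes()[:8192].decode("utf-8", "replace")
    # reversed() so that the first occurrence of a field wins
    return {k.title(): v.strip() for k, v in reversed(HEADER_RE.findall(head))}

def version_tuple(text: str):
    """'4.22' -> (4, 22, 0); returns None when no leading version number is found."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        return None
    parts = [int(p) for p in m.group().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def audit(wp_root: Path) -> list:
    """Return (theme_dir, version, status) for each KALLYAS parent theme under wp_root."""
    findings = []
    for css in sorted(wp_root.glob("wp-content/themes/*/style.css")):
        hdr = read_theme_header(css)
        # A "Template" field marks a child theme: its Version is its own, not the parent's.
        if "kallyas" not in hdr.get("Theme Name", "").lower() or "Template" in hdr:
            continue
        ver = version_tuple(hdr.get("Version", ""))
        status = "UNKNOWN" if ver is None else "AFFECTED" if ver <= LAST_AFFECTED else "NOT_LISTED"
        findings.append((css.parent.name, hdr.get("Version", ""), status))
    return findings

def build_demo_site(root: Path) -> None:
    """Write a constructed sample tree (not a real site) for the demo run."""
    samples = {
        "kallyas": "/*\nTheme Name: Kallyas\nVersion: 4.19.3\n*/",
        "kallyas-child": "/*\nTheme Name: Kallyas Child\nTemplate: kallyas\nVersion: 1.0\n*/",
        "twentytwentyfour": "/*\nTheme Name: Twenty Twenty-Four\nVersion: 1.2\n*/",
    }
    for name, css in samples.items():
        theme_dir = root / "wp-content" / "themes" / name
        theme_dir.mkdir(parents=True)
        (theme_dir / "style.css").write_text(css)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_site(Path(tmp))
        print(*audit(Path(tmp)), sep="\n")
```

An `UNKNOWN` status means the version string could not be parsed and the theme should be checked by hand; `NOT_LISTED` only means the version is above the range this advisory names.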
Risk and Exploitability
The CVSS base score of 5.4 indicates a moderate level of risk. The EPSS score is below 1%, showing that the likelihood of exploitation is low at present, and the vulnerability is not currently listed in the CISA KEV catalog. Based on the description, the likely attack vector would involve an attacker having some access to the site’s content‑management system or discovering URLs governed by the theme’s internal access controls. Until a patch is applied, the low exploitation probability moderates the risk, but the potential impact of a successful attack remains significant because it would compromise the integrity and confidentiality of the site’s protected resources.
OpenCVE Enrichment