Description
Missing Authorization vulnerability in uxper Togo togo. This issue affects Togo: from n/a through < 1.0.4.
Published: 2025-11-06
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from a missing authorization check in the uxper Togo theme for WordPress. A missing guard allows a threat actor to access parts of the site that are normally restricted, potentially exposing or manipulating content that should be protected. This weakness, catalogued as CWE‑862, results in a compromise of confidentiality and integrity of site data.

Affected Systems

WordPress installations that use a Togo theme version earlier than 1.0.4, including all builds from the initial release through just below 1.0.4. The vendor responsible for the update is uxper.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity. The EPSS score of less than 1% suggests that exploitation is unlikely at present, and the vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that attackers would likely exploit the flaw by submitting crafted requests to the WordPress instance to reach administrative functions or view content that should be gated, assuming authentication checks fail. It is inferred that the issue can be leveraged remotely via the web interface without any additional privileges.

Generated by OpenCVE AI on April 30, 2026 at 05:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Togo theme to version 1.0.4 or newer.
  • If an upgrade cannot be performed immediately, deactivate or remove the theme to block further exploitation.
  • Review the theme’s code or site logs for unauthorized changes and enforce proper role‑based access controls on the WordPress installation.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}
Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}


Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Thu, 13 Nov 2025 11:30:00 +0000


Thu, 13 Nov 2025 10:45:00 +0000


Fri, 07 Nov 2025 11:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added: Wordpress; Wordpress wordpress

Thu, 06 Nov 2025 19:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
  cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}
  ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 06 Nov 2025 16:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: Missing Authorization vulnerability in uxper Togo togo. This issue affects Togo: from n/a through < 1.0.4.

Type: Title
Values Removed: (none)
Values Added: WordPress Togo theme < 1.0.4 - Broken Access Control vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-862

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:59.394Z

Reserved: 2025-10-07T15:34:20.407Z

Link: CVE-2025-62033

Vulnrichment

Updated: 2025-11-06T18:15:32.150Z

NVD

Status: Deferred

Published: 2025-11-06T16:16:09.470

Modified: 2026-04-27T17:16:30.360

Link: CVE-2025-62033

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T05:15:28Z

Weaknesses