Impact
The Powerlift theme for WordPress before version 3.2.1 contains a missing authorization flaw that results in broken access control. The flaw allows an attacker to obtain rights they were never granted, potentially modifying site content or settings, and so affects the integrity and confidentiality of the WordPress installation. The weakness is classified as CWE-862 (Missing Authorization): the theme fails to verify that the caller holds the required permission before performing a privileged action.
Affected Systems
The affected product is the Mikado-Themes Powerlift WordPress theme. All releases from the earliest available version up to, but not including, 3.2.1 are impacted. Users who have installed any of these older Powerlift versions should verify the exact release they are running to determine whether remediation is required.
Risk and Exploitability
The CVSS score for this issue is 4.3, placing it in the moderate severity range. The EPSS score is reported as less than 1%, suggesting a very low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. The attack vector is not explicitly defined in the available data. Broken access control flaws of this kind typically require an authenticated user role or certain site permissions, so it is inferred that an attacker with some level of site access could exploit the flaw. No additional prerequisites or conditions are disclosed.
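The advisory does not name the affected code path, so the following is a constructed illustration of the CWE-862 pattern described under Impact and of the "some level of site access" precondition noted above, not code from the Powerlift theme or from Mikado-Themes. It shows a hypothetical theme AJAX handler that changes a setting without any permission check, beside the hardened form that verifies both intent (nonce) and authorization (capability) before acting; the option name, action name and nonce name are assumptions.

```php
<?php
// Constructed example of CWE-862 (missing authorization) in a WordPress theme.
// Not code from the Powerlift theme; names below are hypothetical.

// --- Vulnerable pattern ---------------------------------------------------
// A privileged action reachable through admin-ajax.php by any logged-in user,
// because nothing checks who is calling. If it were also hooked to
// 'wp_ajax_nopriv_*', even unauthenticated visitors could reach it.
// (In the vulnerable version this would be registered with
//  add_action( 'wp_ajax_example_theme_save_options', ... ); it is left
//  unregistered here so only the secure handler is active.)
function example_theme_save_options_vulnerable() {
    $value = isset( $_POST['footer_text'] ) ? wp_unslash( $_POST['footer_text'] ) : '';
    update_option( 'example_theme_footer_text', sanitize_text_field( $value ) );
    wp_send_json_success();
}

// --- Hardened pattern -----------------------------------------------------
// Verify the request was intentionally issued from a page that handed out the
// nonce, then verify the caller is actually allowed to change theme settings.
function example_theme_save_options_secure() {
    // CSRF protection: the nonce must have been created for this action.
    // check_ajax_referer() terminates the request with -1 / HTTP 403 on failure.
    check_ajax_referer( 'example_theme_save_options', 'nonce' );

    // Authorization: the check CWE-862 says is missing. Only users holding
    // manage_options (administrators by default) may change site settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $value = isset( $_POST['footer_text'] ) ? wp_unslash( $_POST['footer_text'] ) : '';
    update_option( 'example_theme_footer_text', sanitize_text_field( $value ) );
    wp_send_json_success( array( 'saved' => true ) );
}
add_action( 'wp_ajax_example_theme_save_options', 'example_theme_save_options_secure' );

// The nonce the secure handler expects is issued to the browser alongside the
// admin script that submits the form (wp_create_nonce must use the same action).
function example_theme_enqueue_admin_script() {
    wp_enqueue_script( 'example-theme-admin', get_template_directory_uri() . '/js/admin.js', array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-theme-admin', 'exampleTheme', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_theme_save_options' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_theme_enqueue_admin_script' );
```

Site operators deciding whether the 3.2.1 update applies to them can confirm the installed theme release with WP-CLI's `wp theme list` or from the Appearance > Themes screen.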
OpenCVE Enrichment