Description
Missing Authorization vulnerability in uixthemes Konte konte allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Konte: from n/a through <= 2.4.6.
Published: 2026-02-20
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Konte WordPress theme contains a missing authorization flaw that allows attackers to exploit incorrectly configured access control levels. The consequence is that unauthenticated or insufficiently privileged users can gain access to privileged actions, potentially modifying or deleting site content and damaging the integrity of the WordPress installation. This issue maps to CWE-862: Missing Authorization.

Affected Systems

uixthemes’ Konte WordPress theme, including all releases up to and including version 2.4.6. Any site using those versions is impacted.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity vulnerability, while the EPSS score of less than 1% shows a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote HTTP requests that trigger theme functions without proper authorization checks. A competent attacker could craft requests to privileged theme endpoints to gain unauthorized access and perform content manipulation.

Generated by OpenCVE AI on April 29, 2026 at 17:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Konte theme to version 2.4.7 or later to eliminate the missing authorization flaw.
  • Restrict Web access to the theme’s administrative pages for non‑administrator users using role‑based access controls or server‑side restrictions such as .htaccess rules.
  • Review and tighten the site’s user roles and permissions to ensure only administrators can access management and content editing pages.

Generated by OpenCVE AI on April 29, 2026 at 17:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L'}

 cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}

Wed, 25 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Uixthemes
Uixthemes konte
Wordpress
Wordpress wordpress
Vendors & Products Uixthemes
Uixthemes konte
Wordpress
Wordpress wordpress

Fri, 20 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in uixthemes Konte konte allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Konte: from n/a through <= 2.4.6.
Title WordPress Konte theme <= 2.4.6 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Uixthemes Konte
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:20.538Z

Reserved: 2025-12-09T12:21:17.726Z

Link: CVE-2025-67547

cve-icon Vulnrichment

Updated: 2026-02-25T21:08:23.976Z

cve-icon NVD

Status : Deferred

Published: 2026-02-20T16:22:02.760

Modified: 2026-04-27T17:16:42.437

Link: CVE-2025-67547

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T17:30:16Z

Weaknesses