Impact
The vulnerability in the Genemy theme permits users with subscriber privileges to access or modify areas reserved for higher‑privilege roles, leading to unauthorized content changes, configuration tampering, or potential escalation of privileges. This weakness is classified as CWE‑862, which denotes a lack of proper authorization checks.
Affected Systems
The issue affects the WordPress “Genemy” theme released by Jthemes, specifically all versions up to and including 1.6.6. Users running these versions on their sites are susceptible to the broken access controls.
Risk and Exploitability
The CVSS score of 6.5 places the vulnerability in the moderate severity range, and the EPSS score of less than 1% indicates a very low probability of exploitation in the wild at this time. It is not listed in the CISA KEV catalog, further suggesting that widespread exploitation has not yet been observed. The likely attack vector is remote via the web interface; an attacker would need to authenticate as a user with subscriber-level access or create a new subscriber account to leverage the broken authorization checks.
OpenCVE Enrichment