Description
Subscriber Broken Access Control in Genemy <= 1.6.6 versions.
Published: 2026-06-16
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in the Genemy theme permits users with subscriber privileges to access or modify areas reserved for higher‑privilege roles, leading to unauthorized content changes, configuration tampering, or potential escalation of privileges. This weakness is classified as CWE‑862, which denotes a lack of proper authorization checks.

Affected Systems

The issue affects the WordPress “Genemy” theme released by Jthemes, specifically all versions up to and including 1.6.6. Users running these versions on their sites are susceptible to the broken access controls.

Risk and Exploitability

The CVSS score of 6.5 places the vulnerability in the moderate severity range, and the EPSS score of less than 1% indicates a very low probability of exploitation in the wild at this time. It is not listed in the CISA KEV catalog, further suggesting that widespread exploitation has not yet been observed. The likely attack vector is remote via the web interface; an attacker would need to authenticate as a user with subscriber-level access or create a new subscriber account to leverage the broken authorization checks.

Generated by OpenCVE AI on June 17, 2026 at 20:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Genemy theme to a newer version beyond 1.6.6 once the vendor releases a fix.
  • Disable or remove the theme from the site if an upgrade is not immediately available.
  • Apply a role‑based access control hardening measure via a security plugin to ensure subscribers cannot exceed intended permissions until a patch is applied.

Generated by OpenCVE AI on June 17, 2026 at 20:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Jthemes
Jthemes genemy
Wordpress
Wordpress wordpress
Vendors & Products Jthemes
Jthemes genemy
Wordpress
Wordpress wordpress

Wed, 17 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Description Subscriber Broken Access Control in Genemy <= 1.6.6 versions.
Title WordPress Genemy theme <= 1.6.6 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}


Subscriptions

Jthemes Genemy
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-17T10:49:24.579Z

Reserved: 2025-12-29T11:19:41.704Z

Link: CVE-2025-69137

cve-icon Vulnrichment

Updated: 2026-06-17T10:49:18.393Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:04:12Z

Weaknesses