Impact
An unauthenticated Broken Access Control flaw exists in the WordPress Dating Theme versions up to 11.2.0. The vulnerability allows an attacker to bypass normal authorization checks and access administrative functions or sensitive content that should be restricted to privileged users. This weakness can lead to unauthorized configuration changes, data theft, or further compromise of the WordPress installation. The flaw is classified as CWE-862, a classic example of inadequate access control, and carries a high severity CVSS score of 8.6.
Affected Systems
The issue affects PremiumPress Limited’s WordPress Dating Theme, specifically all releases 11.2.0 and earlier. Any WordPress site that has this theme installed and has not upgraded beyond version 11.2.0 is vulnerable. No other products or versions are listed as affected.
Risk and Exploitability
The CVSS metric indicates a high likelihood of successful unauthorized access. While the EPSS score is not listed in the CISA KEV catalog, the nature of the flaw suggests that exposed WordPress installations could be targeted remotely over the web. The attack path is inferred to be through standard public URLs that the theme provides, enabling an unauthenticated user to exercise privileged actions. Because no special conditions or additional software components are required, the risk of exploitation is considered significant for sites running a vulnerable version of the theme.
OpenCVE Enrichment