Description
Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
Published: 2026-06-17
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated Broken Access Control flaw exists in the WordPress Dating Theme versions up to 11.2.0. The vulnerability allows an attacker to bypass normal authorization checks and access administrative functions or sensitive content that should be restricted to privileged users. This weakness can lead to unauthorized configuration changes, data theft, or further compromise of the WordPress installation. The flaw is classified as CWE-862, a classic example of inadequate access control, and carries a high severity CVSS score of 8.6.

Affected Systems

The issue affects PremiumPress Limited’s WordPress Dating Theme, specifically all releases 11.2.0 and earlier. Any WordPress site that has this theme installed and has not upgraded beyond version 11.2.0 is vulnerable. No other products or versions are listed as affected.

Risk and Exploitability

The CVSS metric indicates a high likelihood of successful unauthorized access. While the EPSS score is not listed in the CISA KEV catalog, the nature of the flaw suggests that exposed WordPress installations could be targeted remotely over the web. The attack path is inferred to be through standard public URLs that the theme provides, enabling an unauthenticated user to exercise privileged actions. Because no special conditions or additional software components are required, the risk of exploitation is considered significant for sites running a vulnerable version of the theme.

Generated by OpenCVE AI on June 18, 2026 at 14:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update WordPress Dating Theme to the latest release, version 11.3.0 or newer.
  • If an immediate upgrade is not possible, remove or disable the theme until it can be patched.
  • Restrict administrative access to known IP addresses and enforce strong, unique credentials for all WordPress accounts.

Generated by OpenCVE AI on June 18, 2026 at 14:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 21 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Premiumpress Limited.
Premiumpress Limited. wordpress Dating Theme
Wordpress
Wordpress wordpress
Vendors & Products Premiumpress Limited.
Premiumpress Limited. wordpress Dating Theme
Wordpress
Wordpress wordpress

Wed, 17 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
Description Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
Title WordPress WordPress Dating Theme theme <= 11.2.0 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L'}


Subscriptions

Premiumpress Limited. Wordpress Dating Theme
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-17T12:33:41.987Z

Reserved: 2026-01-07T12:21:11.737Z

Link: CVE-2026-22343

cve-icon Vulnrichment

Updated: 2026-06-17T12:33:38.493Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T23:04:31Z

Weaknesses