The vulnerability in the uxper Golo theme is a missing‑authorization flaw that can be leveraged to bypass intended security controls. An attacker who can interact with the theme’s administrative features can perform actions normally reserved for privileged users, such as editing or deleting theme data, without proper authentication. This shortfall aligns with CWE‑862, indicating that user decisions are not correctly validated and authenticated.

The Golo theme (uxper:Golo) is vulnerable in all releases earlier than version 1.7.5. WordPress sites that have installed any version of this theme from the first release through 1.7.4 are affected. No specific operating system or PHP version is mentioned in the CVE record, so any environment running WordPress with that theme may be impacted.

The CVSS score of 8.8 indicates a high severity, and the EPSS score of less than 1 percent suggests that active exploitation of this issue is currently uncommon. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, implying that no widespread, publicly disclosed attacks have been reported. Given that the flaw involves access control in a browser‑based CMS component, it is likely to be exploitable over the network by any user who can reach the WordPress administrative interface; this inference is based on the nature of the flaw, though the CVE does not explicitly state the attack vector.