Impact
The vulnerability is a missing authorization flaw in the raratheme Preschool and Kindergarten theme that lets attackers exploit incorrectly configured access control security levels. An attacker can gain unauthorized access to administrative functions or sensitive data without proper authentication, and could potentially alter theme settings, upload malicious code, or access privileged information. The weakness is identified as CWE-862 (Missing Authorization): the software does not perform an authorization check when an actor attempts to access a resource or perform an action.
Affected Systems
The affected product is the raratheme Preschool and Kindergarten WordPress theme. The CNA lists the affected range as n/a through 1.2.5, which covers every release from the initial one up to and including version 1.2.5. Any WordPress installation using the theme at one of those versions is at risk.
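To find installs inside that range, the following added example (not from the advisory or from the theme's authors) scans a wp-content/themes directory and reads the Theme Name and Version headers in each style.css. It assumes the theme identifies itself by the product name given above; the directory names and the version 1.2.6 in the demo are constructed sample data, not a known fixed release.

```python
import re
import tempfile
from pathlib import Path

THEME_NAME = "preschool and kindergarten"  # product name from the advisory (assumed header value)
LAST_AFFECTED = (1, 2, 5)                  # advisory range: "through 1.2.5"
# WordPress reads theme metadata from "Key: value" lines in the style.css header comment.
HEADER = re.compile(r"^[ \t/*#@]*(Theme Name|Version):[ \t]*(.*?)[ \t*/]*$", re.I | re.M)

def read_header(style_css: Path) -> dict:
    """Return the Theme Name / Version fields found in the first 8 KiB of style.css."""
    text = style_css.read_text(encoding="utf-8", errors="replace")[:8192]
    fields = {}
    for key, value in HEADER.findall(text):
        fields.setdefault(key.lower(), value.strip())  # first occurrence wins
    return fields

def parse_version(value: str) -> tuple:
    """Turn '1.2.5' into (1, 2, 5); short versions are zero-padded, suffixes ignored."""
    parts = [int(n) for n in re.findall(r"\d+", value)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def find_affected(themes_dir: Path) -> list:
    """List (directory, version) for installed copies at or below the last affected version."""
    hits = []
    for style in sorted(themes_dir.glob("*/style.css")):
        fields = read_header(style)
        version = fields.get("version", "")
        is_target = fields.get("theme name", "").lower() == THEME_NAME
        # A copy with no Version header cannot be cleared, so it is reported too.
        if is_target and (not version or parse_version(version) <= LAST_AFFECTED):
            hits.append((style.parent.name, version or "unknown"))
    return hits

def demo() -> list:
    """Build a constructed themes directory in a temp folder and scan it."""
    samples = {  # constructed sample data, not real installs
        "site-a-theme": "/*\nTheme Name: Preschool and Kindergarten\nVersion: 1.2.5\n*/",
        "site-b-theme": "/*\nTheme Name: Preschool and Kindergarten\nVersion: 1.2.6\n*/",
        "other-theme": "/*\nTheme Name: Something Else\nVersion: 1.0.0\n*/",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, css in samples.items():
            (Path(tmp) / name).mkdir()
            (Path(tmp) / name / "style.css").write_text(css, encoding="utf-8")
        return find_affected(Path(tmp))

if __name__ == "__main__":
    print(demo())
```

On a real host, call find_affected() with the site's wp-content/themes path; matching on the header rather than the folder name also catches renamed copies of the theme.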
Risk and Exploitability
The CVSS base score is 5.3, indicating a moderate severity. The EPSS score is reported as less than 1%, suggesting a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The attack vector is not explicitly defined in the provided data; however, based on typical WordPress theme interactions, it is inferred that the flaw can be exploited remotely via web requests to privileged pages or administrative endpoints. No prerequisites beyond accessing the affected theme's administrative interfaces are described, implying that an attacker could leverage this weakness with minimal effort once the site is reachable.
OpenCVE Enrichment