Impact
The vulnerability is a missing authorization flaw in the Linethemes NanoCare WordPress theme. It allows an attacker to bypass the intended security controls and access administrative or restricted areas of the site. The flaw is cataloged as CWE-862 (Missing Authorization): the application does not correctly enforce access control, which can enable privilege escalation or unauthorized data exposure. No code execution or denial-of-service impact is described, but the flaw could let an attacker read or modify site content, settings, or user data.
Affected Systems
The issue affects the Linethemes NanoCare WordPress theme in versions prior to 1.2.2. Any WordPress installation that has this theme deployed and has not upgraded to the fixed version is vulnerable. The problem is confined to the theme itself and does not depend on additional components, so every system running an affected version of the theme is potentially impacted.
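To check an installation against the affected range above, the following added example (not code from OpenCVE or the theme vendor) reads each installed theme's `style.css` header and flags NanoCare copies older than 1.2.2. It assumes the theme identifies itself as "NanoCare" in its `Theme Name` header and that the WordPress root directory is passed as the first argument.

```python
import re
from pathlib import Path

FIXED = (1, 2, 2)  # first fixed release named in the advisory

def header(text, name):
    """Return a style.css header field (WordPress-style 'Name: value'), or None."""
    m = re.search(rf"^[ \t/*#@]*{re.escape(name)}:(.*)$", text, re.I | re.M)
    return m.group(1).strip() if m else None

def as_tuple(version):
    """'1.2.1' -> (1, 2, 1); short versions are zero-padded, junk gives None."""
    nums = re.findall(r"\d+", version or "")[:3]
    return tuple(int(n) for n in nums + ["0"] * (3 - len(nums))) if nums else None

def audit(wp_root):
    """List (theme dir, version, status) for every NanoCare parent theme found."""
    results = []
    for css in Path(wp_root).glob("wp-content/themes/*/style.css"):
        text = css.read_text(encoding="utf-8", errors="replace")[:8192]
        name = header(text, "Theme Name") or ""
        # Assumption: the theme identifies itself as "NanoCare" in Theme Name.
        # Child themes carry a Template header and their own version, so skip them.
        if "nanocare" not in name.lower() or header(text, "Template"):
            continue
        ver = header(text, "Version")
        parsed = as_tuple(ver)
        if parsed is None:
            status = "UNKNOWN"      # no usable Version header: inspect manually
        elif parsed < FIXED:
            status = "VULNERABLE"   # older than 1.2.2
        else:
            status = "FIXED"
        results.append((css.parent.name, ver, status))
    return sorted(results)

if __name__ == "__main__":
    import sys
    for theme_dir, ver, status in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:10} {theme_dir} (Version: {ver})")
```

An inactive copy of the theme still has its files on disk and reachable by the web server, so the audit reports every copy it finds rather than only the active theme.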
Risk and Exploitability
The CVSS score of 5.4 places the vulnerability in the medium severity range. EPSS data is not available, so no exploitation probability can be assigned from the database. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is web requests to the affected theme's administrative endpoints, since the flaw lies in how access control is enforced. An attacker who can reach those endpoints may bypass the intended access controls and perform privileged actions against the WordPress site.