Impact
This vulnerability allows a subscriber user to bypass access controls within the Martfury theme. The flaw is a broken access control condition that enables subscribers to perform actions intended only for higher‑privileged roles. The impact is limited to privilege escalation within the theme’s functionality, potentially exposing sensitive data or altering marketplace settings. The weakness is classified as CWE‑862 (Missing Authorization).
Affected Systems
Martfury – WooCommerce Marketplace WordPress Theme by drfuri. Versions 3.2.8 and earlier are affected. Upgrading to any release newer than 3.2.8 removes the flaw.
Risk and Exploitability
The CVSS score of 4.3 indicates a low to moderate severity. Because the EPSS score is not available, the current exploitation probability cannot be quantified. The vulnerability is not listed in the CISA KEV catalog, suggesting no known large‑scale exploitation. It likely requires an authenticated subscriber account and access to protected theme views, so the attack vector is local or web‑based with user credentials. Exploitation would enable an attacker to gain elevated privileges within the Martfury theme but would not globally compromise the WordPress installation.
OpenCVE Enrichment