Impact
The Werkstatt theme, version 4.7.2 and earlier, contains a broken access control flaw that allows a WordPress user with the Subscriber role to perform actions that should only be available to higher‑privileged roles. This privilege escalation can let the user modify site content, settings, or other protected data, compromising the integrity and possibly the confidentiality of the website.
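The class of bug described above, in the shape it usually takes in a WordPress theme, as an added illustration that is not code from the Werkstatt theme: any logged-in user, Subscribers included, can reach a wp_ajax_* handler, so a handler that skips the capability and nonce checks becomes a privilege escalation path. The handler and option names below are hypothetical; the page does not identify the theme's real endpoints.

```php
<?php
// Added illustrative example, not code from the Werkstatt theme.
// Handler, action and option names are hypothetical.

// Pattern that produces broken access control: a logged-in Subscriber can
// reach this handler, and nothing checks who is calling or whether the
// request was issued from a legitimate admin page.
function demo_save_settings_unchecked() {
    $value = isset( $_POST['value'] ) ? sanitize_text_field( wp_unslash( $_POST['value'] ) ) : '';
    update_option( 'demo_theme_setting', $value );
    wp_send_json_success();
}

// Hardened form: verify the request nonce, then require a capability that
// Subscribers do not hold before touching site settings.
function demo_save_settings_checked() {
    // Rejects the request (HTTP 403) when the nonce is missing or invalid.
    check_ajax_referer( 'demo_save_settings', 'nonce' );

    // 'manage_options' is granted to Administrators only on a default install.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions', 403 );
    }

    $value = isset( $_POST['value'] ) ? sanitize_text_field( wp_unslash( $_POST['value'] ) ) : '';
    update_option( 'demo_theme_setting', $value );
    wp_send_json_success();
}

// Register only the checked handler for authenticated AJAX requests.
add_action( 'wp_ajax_demo_save_settings', 'demo_save_settings_checked' );
```

The nonce alone is not an authorization control: it only proves the request came from a page the user legitimately loaded. The capability check is what stops a Subscriber, so both are needed, and when reviewing a theme for this flaw the thing to look for is a handler that updates options, posts or user data with neither.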
Affected Systems
The vulnerability affects the Fuelthemes Werkstatt theme on WordPress installations running any version up to and including 4.7.2.
Risk and Exploitability
The CVSS score of 4.3 indicates moderate severity, and the absence of an EPSS score and of a KEV listing suggests that exploitation is not yet widespread. Any ordinary site Subscriber can trigger the flaw, so the attack vector is local user access: the attacker needs neither elevated credentials nor remote access.
OpenCVE Enrichment