Impact
The vulnerability is a broken access control issue that allows a WordPress user with a subscriber role to perform actions that should be restricted to higher‑privileged roles. This can lead to unauthorized use of theme features, modification of site content or settings, and compromise of data integrity and confidentiality within the affected WordPress installation.
Affected Systems
The affected product is the WordPress Flatsome theme from UX‑themes. All releases up to and including version 3.20.5 are impacted and must be upgraded.
Risk and Exploitability
The CVSS score of 4.3 places this vulnerability in the medium severity range. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is an authenticated user with subscriber privileges on a WordPress site that has the affected Flatsome theme installed. Exploitation requires only that the user be logged in with the subscriber role; no network or privilege prerequisites beyond this are stated in the description.
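The Impact and Risk sections describe the general class of bug: a logged-in subscriber reaches a theme action that should require a higher role. The following is an added, hypothetical WordPress AJAX handler (not Flatsome's code; the action name, option key and nonce name are assumed) showing the weak pattern beside the hardened one, where authorization is enforced with a capability check that subscribers do not hold:

```php
<?php
// Illustrative only: hypothetical theme code, not taken from Flatsome.
// Assumed names: action 'demo_theme_save_option', option 'demo_theme_option'.

// Weak pattern: every logged-in user, including subscribers, can reach a
// wp_ajax_* handler, so being authenticated is not the same as being
// authorized. Nothing here checks the caller's role or a nonce.
function demo_theme_save_option_unsafe() {
    $value = isset( $_POST['value'] )
        ? sanitize_text_field( wp_unslash( $_POST['value'] ) )
        : '';
    update_option( 'demo_theme_option', $value );
    wp_send_json_success();
}

// Hardened pattern: verify a nonce bound to this specific action (CSRF
// protection) and require a capability that only administrators have by
// default, so a subscriber is rejected before any site setting is touched.
function demo_theme_save_option_safe() {
    check_ajax_referer( 'demo_theme_save_option', 'nonce' );
    if ( ! current_user_can( 'edit_theme_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $value = isset( $_POST['value'] )
        ? sanitize_text_field( wp_unslash( $_POST['value'] ) )
        : '';
    update_option( 'demo_theme_option', $value );
    wp_send_json_success();
}

// Register only the hardened handler; no wp_ajax_nopriv_ hook is added,
// so unauthenticated requests never reach it at all.
add_action( 'wp_ajax_demo_theme_save_option', 'demo_theme_save_option_safe' );
```

When reviewing a theme for this class of issue, audit every `wp_ajax_*`, REST route and `admin_post_*` callback for a `current_user_can()` check matched to the action's actual sensitivity, since the `edit_theme_options` capability shown here is only appropriate for settings-changing actions.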
OpenCVE Enrichment