What the vulnerability does
01 Description
Missing Authorization vulnerability in Xpro's Xpro Theme Builder (xpro-theme-builder) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Xpro Theme Builder: from n/a through <= 1.2.9.
Explanation of Vulnerability in Simple Terms
02 Summary
Xpro Theme Builder versions up to 1.2.9 lack proper authorization checks, allowing authenticated users to modify content they should not have access to. An attacker with a low-privilege account can compromise data integrity, and no special interaction is needed. The vulnerability affects the theme builder's access control logic.
What an attacker can do
03 Attacker Capabilities
Modify or alter content and settings they should not have permission to change.
Potential impact on your site
04 Site Impact
Unauthorized users can alter site content or theme settings, undermining data integrity, without admin approval.
Conditions required to exploit
05 Prerequisites
Attacker must have a low-privilege user account on the site.
Key dates
06 Disclosure timeline
August 27, 2025: CVE published
May 12, 2026: Record updated