What the vulnerability does
01Description
Missing Authorization vulnerability in Elated-Themes The Aisle theaisle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Aisle: from n/a through <= 2.9.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
Missing Authorization vulnerability in Elated-Themes The Aisle theaisle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Aisle: from n/a through <= 2.9.
Explanation of Vulnerability in Simple Terms
The Aisle theme versions 2.9 and earlier lack proper authorization checks, allowing authenticated users with low privileges to modify content they should not have access to. An attacker with a basic user account can alter data through the theme's functionality. The vulnerability has a low integrity impact and does not affect confidentiality or availability. Update to a version newer than 2.9.
What an attacker can do
Modify content or settings they should not have permission to change.
Potential impact on your site
Unauthorized users can alter site content, potentially defacing pages or changing settings.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.
Key dates
External resources