Resoto Missing Authorization Vulnerability Allowing Arbitrary Plugin Activation

Vulnerability

A missing authorization vulnerability has been identified in the Resoto WordPress theme, specifically in versions through 1.0.8. This vulnerability arises from incorrectly configured access control security levels, allowing unauthorized users to exploit the flaw.

Impact

Exploitation of this vulnerability could lead to unauthorized activation of plugins, potentially allowing attackers to execute malicious actions or introduce harmful functionality to the WordPress site.

Added: Dec 24, 2025, 4:36 PM

Updated: Dec 24, 2025, 4:36 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

1.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

1.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Resoto Missing Authorization Vulnerability Allowing Arbitrary Plugin Activation

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating