Zox News WordPress Theme Missing Authorization Vulnerability in Options Update

Vulnerability

The Zox News theme for WordPress, in all versions through 3.16.0, is vulnerable to unauthorized modification of data that can lead to privilege escalation. The 'backup_options' and 'restore_options' functions lack capability checks, so authenticated attackers with Subscriber-level access or higher can modify arbitrary options on the WordPress site. This can be used to change the default registration role to administrator and enable user registration, which grants the attacker administrative access to the compromised site.

Impact

Exploitation of this vulnerability could allow authenticated users with Subscriber-level access to gain administrative privileges on the WordPress site by manipulating user roles and options.

Remediation

Users are advised to update the Zox News WordPress theme to version 3.17.0 or a newer patched version.
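A triage check for the condition described above, added here as an example and not part of the original advisory or the theme's code. It flags an installed theme version at or below 3.16.0 and the option state the advisory names (default role set to administrator with registration enabled). The function names and the input shape are assumptions: options are expected as a JSON list of objects with option_name and option_value, the shape `wp option list --format=json` produces.

```python
import json
import re

LAST_AFFECTED = (3, 16, 0)  # advisory: all versions through 3.16.0 are affected


def parse_version(text):
    """'3.16.0' -> (3, 16, 0); short forms such as '3.17' are zero-padded.
    An unreadable version becomes (0, 0, 0) and is therefore treated as affected."""
    parts = [int(n) for n in re.findall(r"\d+", text)]
    return tuple(parts + [0] * (3 - len(parts)))


def triage(theme_version, options_json):
    """Return finding ids for one site (hypothetical helper, not a WordPress API)."""
    rows = json.loads(options_json)
    opts = {r["option_name"]: str(r["option_value"]) for r in rows}
    findings = []
    if parse_version(theme_version) <= LAST_AFFECTED:
        findings.append("theme-unpatched")
    admin_default = opts.get("default_role") == "administrator"
    open_registration = opts.get("users_can_register") == "1"
    if admin_default:
        findings.append("default-role-administrator")
    if open_registration:
        findings.append("registration-open")  # informational when seen alone
    if admin_default and open_registration:
        findings.append("escalation-state")  # the combination the advisory describes
    return findings


# Constructed sample data, not taken from a real site.
TAMPERED = json.dumps([
    {"option_name": "default_role", "option_value": "administrator"},
    {"option_name": "users_can_register", "option_value": "1"},
])
CLEAN = json.dumps([
    {"option_name": "default_role", "option_value": "subscriber"},
    {"option_name": "users_can_register", "option_value": "0"},
])

if __name__ == "__main__":
    for label, version, dump in (("tampered", "3.16.0", TAMPERED),
                                 ("clean", "3.17.0", CLEAN)):
        print(label, triage(version, dump))
```

Updating the theme does not revert options that were already changed, so a site that reports "escalation-state" also needs both options reset and its administrator accounts reviewed.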

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 5.0
exploitability: 5.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.