Primary

Context

Golo WordPress Theme Privilege Escalation Vulnerability via Unauthenticated Password Change

Vulnerability

A privilege escalation vulnerability has been identified in the Golo - City Travel Guide WordPress Theme, affecting all versions through 1.6.10. The issue arises because the theme fails to properly validate a user's identity before allowing password changes. This flaw enables unauthenticated attackers to change passwords for any user, including administrators, potentially leading to unauthorized access to their accounts.

Impact

Exploitation of this vulnerability allows for unauthorized password changes, enabling attackers to gain access to user accounts, including those of administrators.

Remediation

Users are advised to update the Golo WordPress Theme to version 1.6.11 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Golo WordPress Theme Privilege Escalation Vulnerability via Unauthenticated Password Change

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating