Primary

Context

WordPress Altair Theme Privilege Escalation Vulnerability

Vulnerability

A vulnerability in the Altair theme for WordPress, present in all versions through 5.2.4, allows for unauthorized data modification that could lead to privilege escalation. This issue arises from a missing capability check in the theme's functions.php file, enabling unauthenticated attackers to update arbitrary options on the WordPress site. Exploitation of this vulnerability could involve changing the default role for new users to administrator and activating user registration, thereby granting administrative access to the attacker on the compromised site.

Impact

Exploitation of this vulnerability could allow an attacker to gain administrative privileges on the WordPress site.

Remediation

Users are advised to update the Altair theme to version 5.2.5 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WordPress Altair Theme Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating