WordPress Industrial Theme Privilege Escalation Vulnerability

Vulnerability

A vulnerability in the Industrial theme for WordPress, affecting all versions through 1.7.8, allows for unauthorized data modification that could lead to privilege escalation. This issue arises from a lack of capability checks in the _ajax_get_total_content_import_items() function, enabling authenticated attackers with subscriber-level access or higher to update arbitrary options on the WordPress site. Exploitation of this vulnerability could allow attackers to change the default role for new users to administrator and activate user registration, thereby gaining administrative access on the site.
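A site-side check for the exposure and the two option changes described above, as an added example that is not part of the original advisory or the theme's code. It reads JSON as produced by `wp theme list --format=json` and `wp option list --format=json`; the theme slug `industrial` and the sample data are assumptions constructed for illustration.

```python
import json
import re

AFFECTED_MAX = (1, 7, 8)   # advisory: all versions through 1.7.8 are affected
THEME_SLUG = "industrial"  # assumption: the theme's directory slug

def parse_version(text):
    """'1.7.8' -> (1, 7, 8); a part without leading digits counts as 0."""
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)

def audit(themes_json, options_json):
    """Return (severity, message) findings for one site."""
    findings = []
    for theme in json.loads(themes_json):
        if theme["name"] == THEME_SLUG and parse_version(theme["version"]) <= AFFECTED_MAX:
            findings.append(("high", f"{THEME_SLUG} {theme['version']} "
                                     f"({theme['status']}) is in the affected range"))
    opts = {o["option_name"]: str(o["option_value"]) for o in json.loads(options_json)}
    role = opts.get("default_role", "subscriber")
    open_registration = opts.get("users_can_register", "0") == "1"
    # The advisory's end state: anyone who registers becomes an administrator.
    if role == "administrator" and open_registration:
        findings.append(("critical", "open registration creates administrators"))
    elif role == "administrator":
        findings.append(("high", "default_role is administrator"))
    elif open_registration:
        findings.append(("info", "registration is open; confirm this is intended"))
    return findings

# Constructed sample input, shaped like WP-CLI JSON output.
SAMPLE_THEMES = json.dumps([
    {"name": "industrial", "status": "active", "update": "none", "version": "1.7.8"},
    {"name": "twentytwentyfour", "status": "inactive", "update": "none", "version": "1.3"},
])
SAMPLE_OPTIONS = json.dumps([
    {"option_name": "users_can_register", "option_value": "1"},
    {"option_name": "default_role", "option_value": "administrator"},
    {"option_name": "blogname", "option_value": "Example Site"},
])

if __name__ == "__main__":
    for severity, message in audit(SAMPLE_THEMES, SAMPLE_OPTIONS):
        print(f"[{severity}] {message}")
```

A critical or high finding on `default_role` warrants a review of recently created administrator accounts, since the option may already have been used.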

Impact

Exploitation of this vulnerability could result in unauthorized administrative access to a WordPress site.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.