Primary

Context

Flex Mag WordPress Theme Missing Authorization Vulnerability Allowing Arbitrary Option Deletion

Vulnerability

A vulnerability exists in the Flex Mag - Responsive WordPress News Theme, all versions through 3.5.2, due to a missing capability check in the propanel_of_ajax_callback() function. This flaw allows authenticated attackers with Subscriber-level access and above to delete arbitrary option values on the WordPress site. Exploiting this vulnerability can lead to a denial-of-service condition by removing options that cause errors on the site, disrupting access for legitimate users.

Impact

Successful exploitation allows authenticated users with Subscriber-level access and above to delete arbitrary option values, potentially causing errors that disrupt service for legitimate users.

Remediation

Users are advised to update the theme to version 3.6.0 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Flex Mag WordPress Theme Missing Authorization Vulnerability Allowing Arbitrary Option Deletion

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating