Eco Nature WordPress Theme Missing Authorization Vulnerability Allowing Denial-of-Service
Vulnerability
A denial-of-service vulnerability has been identified in the Eco Nature - Environment & Ecology WordPress Theme, all versions through 2.0.4. The issue arises from a missing capability check on the 'cmsmasters_hide_admin_notice' AJAX action, allowing authenticated attackers with Subscriber-level access and above to modify option values without authorization. This manipulation can lead to errors on the site, disrupting service for legitimate users, or be used to alter certain values, such as registration settings.
Impact
Exploitation of this vulnerability can cause errors on the WordPress site, disrupting service for legitimate users. Additionally, it can be used to manipulate option values related to user registration.
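The missing-authorization pattern described above, shown as an added illustrative example beside its hardened form. This is not the theme's actual code; the option names, the nonce action and the request parameters are assumed for illustration.

```php
<?php
// BEFORE (illustrative): wp_ajax_* hooks fire for every logged-in user,
// including Subscribers, so a handler that neither checks a capability nor
// verifies a nonce lets any account change whatever option it names.
// add_action( 'wp_ajax_cmsmasters_hide_admin_notice', 'example_hide_notice_vulnerable' );
function example_hide_notice_vulnerable() {
    // Assumed: option name and value come straight from the request.
    $option = isset( $_POST['option'] ) ? sanitize_key( $_POST['option'] ) : '';
    $value  = isset( $_POST['value'] ) ? wp_unslash( $_POST['value'] ) : '';
    // Caller-chosen option name is why settings such as user registration
    // could be altered or corrupted, breaking the site for legitimate users.
    update_option( $option, $value ); // no capability check, no nonce
    wp_send_json_success();
}

// AFTER: verify a nonce (CSRF), require an administrative capability
// (authorization), and only ever touch one fixed option instead of a
// caller-chosen one. Hypothetical nonce action and option name.
add_action( 'wp_ajax_cmsmasters_hide_admin_notice', 'example_hide_notice_fixed' );
function example_hide_notice_fixed() {
    check_ajax_referer( 'example_hide_notice', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // The dismissal flag is the only thing this action should change.
    update_option( 'example_admin_notice_hidden', 1 );
    wp_send_json_success();
}
```

When reviewing a theme or plugin for this class of bug, grep for every `wp_ajax_` registration and confirm each handler calls both a nonce check and `current_user_can()` before it writes an option.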
Remediation
Users are advised to update the Eco Nature WordPress Theme to version 2.1.0 or a newer patched version.
