Golo WordPress Theme Privilege Escalation Vulnerability Allowing Account Takeover
Vulnerability
A vulnerability in the Golo - City Travel Guide WordPress Theme, in all versions through 1.7.0, allows for privilege escalation via account takeover. The issue arises because the theme fails to properly validate a user's identity before setting an authorization cookie. This flaw enables unauthenticated attackers to log in as any user, including administrators, if they know the user's email address.
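The flaw class described above is an "authentication" step that never checks a credential: a handler looks up a user by an attacker-supplied email address and calls wp_set_auth_cookie() on the result. The following PHP is an added illustration written for this page, not the Golo theme's actual code; the function names, the admin_post action name and the request parameters are assumed. It shows the insecure pattern beside a hardened handler that verifies a nonce and lets WordPress authenticate the password before any cookie is issued.

```php
<?php
// Added illustration (hypothetical code, not from the Golo theme).
// Function and hook names below are assumptions made for this example.

// INSECURE PATTERN: a client-supplied email is treated as proof of identity.
function example_insecure_login() {
    $email = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';
    $user  = get_user_by( 'email', $email );
    if ( $user ) {
        // Nothing here proves the requester *is* this user. Whoever knows an
        // administrator's email address is logged in as that administrator.
        wp_set_auth_cookie( $user->ID );
        wp_safe_redirect( home_url() );
        exit;
    }
}

// HARDENED: verify the request nonce, then let WordPress authenticate the
// credential. wp_signon() runs the 'authenticate' filters (password check,
// any rate-limiting or 2FA plugins) and only then sets the auth cookie itself.
function example_secure_login() {
    $nonce = isset( $_POST['example_login_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['example_login_nonce'] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, 'example_login' ) ) {
        wp_die( 'Invalid request.', 403 );
    }

    $creds = array(
        // WordPress accepts an email address here via wp_authenticate_email_password().
        'user_login'    => isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '',
        // Passwords are compared against the stored hash and must not be sanitized.
        'user_password' => isset( $_POST['password'] ) ? (string) $_POST['password'] : '',
        'remember'      => false,
    );

    $user = wp_signon( $creds, is_ssl() );
    if ( is_wp_error( $user ) ) {
        // Generic message: do not reveal whether the email exists.
        wp_die( 'Login failed.', 401 );
    }

    wp_safe_redirect( home_url() );
    exit;
}
add_action( 'admin_post_nopriv_example_login', 'example_secure_login' );
add_action( 'admin_post_example_login', 'example_secure_login' );
```

The rule the hardened version follows is the one this advisory's root cause violates: wp_set_auth_cookie() (or wp_set_current_user()) must only ever be reached after a server-verified proof of identity, whether that is a password check through wp_signon(), a single-use token validated server-side, or an identity assertion verified with the issuing provider. When reviewing a theme or plugin, grep for direct calls to wp_set_auth_cookie() and confirm each one sits behind such a check.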
Impact
Exploitation of this vulnerability allows for authentication bypass, enabling attackers to gain unauthorized access to user accounts, including those of administrators.
Remediation
Users are advised to update the Golo WordPress Theme to version 1.7.1 or a newer patched version.
