PT-2025-23567 · WordPress · The Golo - City Travel Guide Wordpress Theme

Author: Friderika Baranyai
Published: 2025-06-03
Updated: 2025-06-08

CVE: CVE-2025-4797
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: The Golo - City Travel Guide WordPress Theme, version 1.7.0 and earlier.

Description: Privilege escalation via account takeover. The theme sets an authorization cookie without properly validating the user's identity first, so an unauthenticated attacker who knows a user's email address can log in as that user, including administrator accounts.

Recommendations: For versions up to and including 1.7.0, update to a version that fixes the authentication bypass as soon as one is available. As a temporary workaround, restrict access to sensitive areas of the WordPress site to reduce the risk of exploitation, and do not rely on an email address as the sole means of identifying a user account until the issue is resolved. At the time of writing, no newer version containing a fix for this vulnerability is known.

Vulnerability Type: LPE

Weakness Enumeration: Authentication Bypass Using an Alternate Path or Channel (CWE-288)

Related Identifiers: CVE-2025-4797

Affected Products: The Golo - City Travel Guide Wordpress Theme