PT-2025-24014 · WordPress · The Art Theme
István Márton · Published 2025-06-06 · Updated 2025-06-06 · CVE-2025-1778
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
The Art Theme for WordPress versions up to, and including, 3.12.2.3
Description
The 'arttheme theme option restore' AJAX function is missing a capability check, which leads to unauthorized access. Authenticated attackers with subscriber-level access and above can call it to delete the theme option.
Recommendations
For versions up to, and including, 3.12.2.3, consider disabling the 'arttheme theme option restore' AJAX function until a patch is available to prevent unauthorized access.
Fix
Missing Authorization
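One way to apply the recommendation above on an affected site is a must-use plugin that runs a capability check before the theme's handler. This is an added example, not code from the theme or from this advisory. The action name is a placeholder because the page does not give the registered hook name, and the choice of `edit_theme_options` as the required capability is an assumption.

```php
<?php
/**
 * Plugin Name: Art Theme option-restore guard (added example)
 * Description: Denies the theme's option-restore AJAX action to users
 *              who cannot edit theme options. Place in wp-content/mu-plugins/.
 */

// PLACEHOLDER (assumption): set this to the AJAX action name the theme
// registers for its option-restore function. The advisory does not state it.
const ARTTHEME_RESTORE_ACTION = 'REPLACE_WITH_THEME_AJAX_ACTION';

/**
 * Runs before the theme's own handler on the same wp_ajax_* hook.
 * wp_send_json_error() ends the request, so the theme's handler never
 * executes for a user who lacks the capability.
 */
function arttheme_guard_restore_action() {
    // Assumption: only roles that may edit theme options should reset them.
    if ( current_user_can( 'edit_theme_options' ) ) {
        return; // Authorized: let the theme's handler run as usual.
    }

    // Leave a trace for detection: which account tried, and from where.
    $remote = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log( sprintf(
        'Blocked theme option restore: user_id=%d ip=%s',
        get_current_user_id(),
        $remote
    ) );

    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}

// PHP_INT_MIN priority so the guard runs ahead of whatever priority the
// theme used when it registered its handler.
add_action(
    'wp_ajax_' . ARTTHEME_RESTORE_ACTION,
    'arttheme_guard_restore_action',
    PHP_INT_MIN
);
```

Requests rejected by the guard show up in the PHP error log, which also gives a simple signal for spotting low-privilege accounts probing the endpoint.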
Affected Products
The Art Theme