Description (NVD)
Missing Authorization vulnerability in uxper Nuss nuss allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nuss: from n/a through <= 1.3.7.1.
Analysis (AI)
Missing authorization controls in uxper Nuss theme through version 1.3.7.1 allow unauthenticated or low-privileged users to access functionality that should be restricted by access control lists. The vulnerability, classified as CWE-862 (Missing Authorization), enables attackers to bypass ACL restrictions and perform unauthorized actions within the theme's administrative or sensitive functions.
Technical Context (AI)
This vulnerability stems from inadequate authorization checks in the uxper Nuss WordPress theme, specifically a failure to properly enforce access control list (ACL) restrictions, as described in CWE-862 (Missing Authorization). The theme likely contains endpoints or functions that perform sensitive operations without first verifying whether the requesting user has the necessary permissions or roles. This type of flaw typically occurs when developers implement authentication checks (confirming a user is logged in) but omit authorization checks (confirming the user has permission for that specific action). The vulnerability affects all versions from the initial release through version 1.3.7.1.
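The authentication-versus-authorization distinction above, shown as an added illustration of the CWE-862 pattern in a WordPress AJAX handler; this is not code from the Nuss theme, and the function, option and action names are hypothetical.

```php
<?php
// Illustration of the CWE-862 pattern, not the Nuss theme's code.
// Names such as demo_theme_* are hypothetical.

// WEAK: only confirms that a user is logged in (authentication) and
// never that this user may change settings (authorization). Any
// subscriber-level account passes this check.
function demo_theme_save_settings_weak() {
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'login required', 401 );
    }
    update_option( 'demo_theme_settings', wp_unslash( $_POST['settings'] ?? '' ) );
    wp_send_json_success();
}

// HARDENED: require a capability tied to the action, verify the request
// nonce, and sanitize input before touching any stored state.
function demo_theme_save_settings_fixed() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }
    check_ajax_referer( 'demo_theme_settings', 'nonce' );
    $settings = sanitize_text_field( wp_unslash( $_POST['settings'] ?? '' ) );
    update_option( 'demo_theme_settings', $settings );
    wp_send_json_success();
}

// Registering only the wp_ajax_ hook (and not wp_ajax_nopriv_) keeps
// anonymous visitors out, but the capability check inside the handler
// is still what stops low-privileged logged-in users.
add_action( 'wp_ajax_demo_theme_save_settings', 'demo_theme_save_settings_fixed' );
```

When auditing a theme for this class of flaw, list every `wp_ajax_`, `wp_ajax_nopriv_`, `admin_post_` and REST route callback and confirm each one performs a `current_user_can()` (or REST `permission_callback`) check, not just a login check.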
Affected Products (AI)
The uxper Nuss WordPress theme is affected in all versions from the initial release through and including version 1.3.7.1. The vulnerability was reported by [email protected] and documented in the Patchstack database for the Nuss theme.
Remediation (AI)
Users of the uxper Nuss theme should upgrade to a version newer than 1.3.7.1 as soon as a patched release is available from the theme developer. The vulnerability was identified and reported via Patchstack, so checking the official Patchstack advisory at https://patchstack.com/database/Wordpress/Theme/nuss/vulnerability/wordpress-nuss-1-3-3-broken-access-control-vulnerability?_s_id=cve may provide information on patched versions and release timelines. In the interim, site administrators should review and strengthen user role assignments, restrict administrative access to trusted users only, and consider temporarily disabling or isolating the theme if a patch is not immediately available.