Skip to main content

WordPress Dating Theme CVE-2026-22343

| EUVDEUVD-2026-37662 HIGH
Missing Authorization (CWE-862)
2026-06-17 Patchstack
8.6
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
vuln.today AI
8.6 HIGH

Unauthenticated network-reachable authorization bypass (AV:N/AC:L/PR:N/UI:N); high confidentiality from member-data exposure, with limited integrity/availability matching a read-leaning broken access control flaw.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Jun 17, 2026 - 12:29 vuln.today
CVE Published
Jun 17, 2026 - 09:50 cve.org
HIGH 8.6

DescriptionCVE.org

Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.

AnalysisAI

Unauthenticated broken access control in PremiumPress WordPress Dating Theme through version 11.2.0 allows remote attackers to reach restricted functionality without credentials, resulting in high confidentiality impact and limited integrity and availability impact. The flaw was disclosed via Patchstack and currently has no public exploit identified at time of analysis, but the network-reachable, no-interaction vector (AV:N/AC:L/PR:N/UI:N) makes opportunistic abuse against exposed sites realistic. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Fingerprint WordPress site running Dating Theme
Delivery
Identify unauthenticated theme endpoint
Exploit
Send crafted HTTP request bypassing authorization
Execution
Retrieve or modify member data
Impact
Exfiltrate PII from dating profiles

Vulnerability AssessmentAI

Exploitation The only prerequisite is network reachability to a WordPress site running the PremiumPress 'WordPress Dating Theme' at version 11.2.0 or earlier with its vulnerable endpoint exposed on the public web; the CVSS vector AV:N/AC:L/PR:N/UI:N confirms no authentication, no user interaction, and no special attack complexity. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L) is consistent with a network-reachable, fully unauthenticated authorization bypass and should be treated as a real priority for any site running the theme, particularly dating/community sites that store sensitive PII. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker enumerates WordPress sites running the Dating Theme via Wappalyzer-style fingerprinting or theme-path scanning, then issues unauthenticated HTTP requests directly to the vulnerable theme handler - for example an admin-ajax.php action exposed by the theme - to retrieve or modify member data that should require an authenticated session. No POC is currently referenced in the input, so realistic near-term abuse is opportunistic bulk scraping of member profiles or messages from exposed sites rather than a turnkey mass-exploitation campaign.
Remediation Patch available per vendor advisory: upgrade the WordPress Dating Theme to a release later than 11.2.0 as referenced in the Patchstack entry (https://patchstack.com/database/wordpress/theme/da10/vulnerability/wordpress-wordpress-dating-theme-theme-11-2-0-broken-access-control-vulnerability); the exact fixed version is not stated in the input data, so confirm the target version directly with PremiumPress before deploying. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all WordPress installations using PremiumPress Dating Theme; document affected versions and asset criticality. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-22343 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy