Skip to main content

Golo EUVDEUVD-2026-15769

| CVE-2026-27051 CRITICAL
Incorrect Privilege Assignment (CWE-266)
2026-03-25 Patchstack GHSA-gcfq-p9h5-pjmx
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Re-analysis Queued
Apr 24, 2026 - 16:37 vuln.today
cvss_changed
EUVD ID Assigned
Mar 25, 2026 - 16:47 euvd
EUVD-2026-15769
Analysis Generated
Mar 25, 2026 - 16:47 vuln.today
CVE Published
Mar 25, 2026 - 16:14 nvd
CRITICAL 9.8

DescriptionCVE.org

Incorrect Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation.This issue affects Golo: from n/a through <= 1.7.0.

AnalysisAI

An Incorrect Privilege Assignment vulnerability (CWE-266) exists in uxper Golo theme versions up to and including 1.7.0, enabling privilege escalation attacks. This WordPress theme vulnerability allows attackers to elevate their privileges within the application, potentially gaining unauthorized administrative access. The vulnerability was reported by Patchstack and affects all versions from an unspecified baseline through 1.7.0; no CVSS score, EPSS data, or active KEV status information is currently available.

Technical ContextAI

The vulnerability is rooted in CWE-266 (Incorrect Privilege Assignment), a weakness class that occurs when software assigns incorrect privilege levels to user accounts or operations. In the context of the uxper Golo WordPress theme (identified via CPE cpe:2.3:a:uxper:golo:*:*:*:*:*:*:*:*), this flaw likely resides in role-checking or capability-validation functions within the theme's backend logic. WordPress themes operate within WordPress's role-based access control framework (Admin, Editor, Author, Contributor, Subscriber), and this vulnerability suggests the Golo theme fails to properly enforce these boundaries, allowing lower-privileged users to assume higher privilege levels through improper permission checks or missing authorization validations in theme-specific functions.

RemediationAI

The primary remediation is to upgrade the uxper Golo theme to a version later than 1.7.0 once a patch is released by uxper or the theme maintainers; monitor the Patchstack database (https://patchstack.com/database/Wordpress/Theme/golo) and official theme repositories for patched versions. Until a patch is available, administrators should implement compensating controls: restrict WordPress user account creation and role assignment to trusted personnel only, audit existing user roles to remove any unnecessary elevated privileges, enable comprehensive audit logging to detect unauthorized privilege escalation attempts, and consider temporarily disabling Golo theme-specific functionality if it relies on the flawed privilege logic. For critical installations, consider temporarily switching to an alternative theme until the patch is validated and deployed.

Share

EUVD-2026-15769 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy