Skip to main content

Ave Core

1 CVEs product

Monthly

CVE-2026-25460 MEDIUM This Month

This is a Missing Authorization (Broken Access Control) vulnerability in LiquidThemes Ave Core plugin affecting versions up to 2.9.1, where incorrectly configured access control security levels allow attackers to bypass authentication mechanisms and access protected functionality. The vulnerability, classified under CWE-862, impacts WordPress installations using the affected Ave Core plugin versions. While no CVSS score, EPSS data, or confirmed KEV status is currently available, the Patchstack intelligence indicates this represents an authentication bypass weakness that could enable unauthorized access to administrative or sensitive features without proper privilege escalation.

Authentication Bypass Ave Core
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
EPSS 0% CVSS 6.3
MEDIUM This Month

This is a Missing Authorization (Broken Access Control) vulnerability in LiquidThemes Ave Core plugin affecting versions up to 2.9.1, where incorrectly configured access control security levels allow attackers to bypass authentication mechanisms and access protected functionality. The vulnerability, classified under CWE-862, impacts WordPress installations using the affected Ave Core plugin versions. While no CVSS score, EPSS data, or confirmed KEV status is currently available, the Patchstack intelligence indicates this represents an authentication bypass weakness that could enable unauthorized access to administrative or sensitive features without proper privilege escalation.

Authentication Bypass Ave Core
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy