Skip to main content

Constructor

1 CVEs product

Monthly

CVE-2025-53302 MEDIUM This Month

Unauthenticated broken access control in the Constructor WordPress theme (versions through 1.6.5) exposes restricted functionality to any remote visitor without authentication. The missing authorization check (CWE-862) allows network-accessible exploitation with no user interaction required, resulting in unauthorized read access to data or functionality that should be ACL-protected. No public exploit code or CISA KEV listing has been identified at time of analysis, but the CVSS vector confirms trivially low exploitation complexity.

Authentication Bypass Constructor
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthenticated broken access control in the Constructor WordPress theme (versions through 1.6.5) exposes restricted functionality to any remote visitor without authentication. The missing authorization check (CWE-862) allows network-accessible exploitation with no user interaction required, resulting in unauthorized read access to data or functionality that should be ACL-protected. No public exploit code or CISA KEV listing has been identified at time of analysis, but the CVSS vector confirms trivially low exploitation complexity.

Authentication Bypass Constructor
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy