Skip to main content

Genemy

2 CVEs product

Monthly

CVE-2025-69138 HIGH This Week

Privilege escalation in the Genemy WordPress theme versions 1.6.6 and earlier allows authenticated subscriber-level users to elevate their privileges to higher roles, gaining administrative control over affected WordPress sites. The flaw, reported by Patchstack and tracked under CWE-266 (Incorrect Privilege Assignment), affects all installations using the jthemes Genemy theme up to and including 1.6.6, and no public exploit identified at time of analysis. Given the low attack complexity and minimal authentication requirement (any subscriber account), this represents a high-impact issue for any WordPress site running the affected theme with open user registration.

Privilege Escalation Genemy
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-69137 MEDIUM This Month

Broken access control in the Genemy WordPress theme (versions ≤1.6.6) permits subscriber-level authenticated users to perform high-integrity write operations that are supposed to be restricted to higher-privileged roles such as editor or administrator. The flaw originates from missing authorization checks (CWE-862) on theme-registered functionality, meaning the theme does not verify whether the requesting user holds sufficient WordPress capabilities before executing privileged actions. No public exploit code or CISA KEV listing has been identified at time of analysis; however, the CVSS integrity impact rating of High and low attack complexity signal meaningful unauthorized content or configuration modification potential for any attacker able to obtain a subscriber account.

Authentication Bypass Genemy
NVD
CVSS 3.1
6.5
EPSS
0.3%
EPSS 0% CVSS 8.8
HIGH This Week

Privilege escalation in the Genemy WordPress theme versions 1.6.6 and earlier allows authenticated subscriber-level users to elevate their privileges to higher roles, gaining administrative control over affected WordPress sites. The flaw, reported by Patchstack and tracked under CWE-266 (Incorrect Privilege Assignment), affects all installations using the jthemes Genemy theme up to and including 1.6.6, and no public exploit identified at time of analysis. Given the low attack complexity and minimal authentication requirement (any subscriber account), this represents a high-impact issue for any WordPress site running the affected theme with open user registration.

Privilege Escalation Genemy
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Broken access control in the Genemy WordPress theme (versions ≤1.6.6) permits subscriber-level authenticated users to perform high-integrity write operations that are supposed to be restricted to higher-privileged roles such as editor or administrator. The flaw originates from missing authorization checks (CWE-862) on theme-registered functionality, meaning the theme does not verify whether the requesting user holds sufficient WordPress capabilities before executing privileged actions. No public exploit code or CISA KEV listing has been identified at time of analysis; however, the CVSS integrity impact rating of High and low attack complexity signal meaningful unauthorized content or configuration modification potential for any attacker able to obtain a subscriber account.

Authentication Bypass Genemy
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy