Skip to main content

Golo

3 CVEs product

Monthly

CVE-2026-27051 CRITICAL Act Now

An Incorrect Privilege Assignment vulnerability (CWE-266) exists in uxper Golo theme versions up to and including 1.7.0, enabling privilege escalation attacks. This WordPress theme vulnerability allows attackers to elevate their privileges within the application, potentially gaining unauthorized administrative access. The vulnerability was reported by Patchstack and affects all versions from an unspecified baseline through 1.7.0; no CVSS score, EPSS data, or active KEV status information is currently available.

Privilege Escalation Golo
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-23973 HIGH PATCH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the uxper Golo theme that allows attackers to inject malicious scripts into web pages viewed by users. The vulnerability affects Golo versions prior to 1.7.5 and can be exploited by crafting malicious URLs that execute arbitrary JavaScript in the context of a victim's browser. An attacker can steal session cookies, perform actions on behalf of the user, or redirect users to malicious sites without requiring authentication or special privileges.

XSS Golo
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-12876 CRITICAL Act Now

The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation Golo
NVD
CVSS 3.1
9.8
EPSS
0.6%
EPSS 0% CVSS 9.8
CRITICAL Act Now

An Incorrect Privilege Assignment vulnerability (CWE-266) exists in uxper Golo theme versions up to and including 1.7.0, enabling privilege escalation attacks. This WordPress theme vulnerability allows attackers to elevate their privileges within the application, potentially gaining unauthorized administrative access. The vulnerability was reported by Patchstack and affects all versions from an unspecified baseline through 1.7.0; no CVSS score, EPSS data, or active KEV status information is currently available.

Privilege Escalation Golo
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the uxper Golo theme that allows attackers to inject malicious scripts into web pages viewed by users. The vulnerability affects Golo versions prior to 1.7.5 and can be exploited by crafting malicious URLs that execute arbitrary JavaScript in the context of a victim's browser. An attacker can steal session cookies, perform actions on behalf of the user, or redirect users to malicious sites without requiring authentication or special privileges.

XSS Golo
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy