Martfury Woocommerce Marketplace Wordpress Theme
Monthly
Broken access control in Martfury WooCommerce Marketplace WordPress Theme (versions <= 3.2.8) permits authenticated subscriber-level users to invoke functionality restricted to higher-privilege roles, achieving unauthorized integrity modifications. The flaw is rooted in CWE-862 (Missing Authorization), where theme-controlled endpoints or action handlers fail to verify that the requesting user holds sufficient capabilities beyond basic authentication. No public exploit or CISA KEV listing was present in the available data at time of analysis.
Broken access control in Martfury WooCommerce Marketplace WordPress Theme (versions <= 3.2.8) permits authenticated subscriber-level users to invoke functionality restricted to higher-privilege roles, achieving unauthorized integrity modifications. The flaw is rooted in CWE-862 (Missing Authorization), where theme-controlled endpoints or action handlers fail to verify that the requesting user holds sufficient capabilities beyond basic authentication. No public exploit or CISA KEV listing was present in the available data at time of analysis.