Nanocare
Monthly
Missing authorization in the NanoCare WordPress theme (Linethemes) before version 1.2.2 permits low-privileged authenticated users to exploit incorrectly configured access control levels, resulting in limited integrity and availability impact. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L) confirms network-accessible exploitation requiring only a low-privilege account with no user interaction. No public exploit code exists and no active exploitation has been confirmed; EPSS at 0.04% (11th percentile) and SSVC exploitation status of 'none' indicate this is currently a theoretical rather than actively weaponized risk.
Missing authorization in the NanoCare WordPress theme (Linethemes) before version 1.2.2 permits low-privileged authenticated users to exploit incorrectly configured access control levels, resulting in limited integrity and availability impact. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L) confirms network-accessible exploitation requiring only a low-privilege account with no user interaction. No public exploit code exists and no active exploitation has been confirmed; EPSS at 0.04% (11th percentile) and SSVC exploitation status of 'none' indicate this is currently a theoretical rather than actively weaponized risk.