Wordpress Dating Theme
Monthly
Unauthenticated broken access control in PremiumPress WordPress Dating Theme through version 11.2.0 allows remote attackers to reach restricted functionality without credentials, resulting in high confidentiality impact and limited integrity and availability impact. The flaw was disclosed via Patchstack and currently has no public exploit identified at time of analysis, but the network-reachable, no-interaction vector (AV:N/AC:L/PR:N/UI:N) makes opportunistic abuse against exposed sites realistic. No CISA KEV listing or EPSS score is provided in the input.
Cross-Site Request Forgery in PremiumPress WordPress Dating Theme versions 11.2.0 and earlier allows remote attackers to coerce authenticated victims into performing unintended state-changing actions, with Patchstack documenting an account takeover path. The CVSS 8.8 rating reflects high impact on confidentiality, integrity, and availability when a targeted user is tricked into visiting attacker-controlled content. No public exploit identified at time of analysis and the theme has not been listed in CISA KEV.
Unauthenticated broken access control in PremiumPress WordPress Dating Theme through version 11.2.0 allows remote attackers to reach restricted functionality without credentials, resulting in high confidentiality impact and limited integrity and availability impact. The flaw was disclosed via Patchstack and currently has no public exploit identified at time of analysis, but the network-reachable, no-interaction vector (AV:N/AC:L/PR:N/UI:N) makes opportunistic abuse against exposed sites realistic. No CISA KEV listing or EPSS score is provided in the input.
Cross-Site Request Forgery in PremiumPress WordPress Dating Theme versions 11.2.0 and earlier allows remote attackers to coerce authenticated victims into performing unintended state-changing actions, with Patchstack documenting an account takeover path. The CVSS 8.8 rating reflects high impact on confidentiality, integrity, and availability when a targeted user is tricked into visiting attacker-controlled content. No public exploit identified at time of analysis and the theme has not been listed in CISA KEV.