Skip to main content

Wordpress Dating Theme

2 CVEs product

Monthly

CVE-2026-22343 HIGH This Week

Unauthenticated broken access control in PremiumPress WordPress Dating Theme through version 11.2.0 allows remote attackers to reach restricted functionality without credentials, resulting in high confidentiality impact and limited integrity and availability impact. The flaw was disclosed via Patchstack and currently has no public exploit identified at time of analysis, but the network-reachable, no-interaction vector (AV:N/AC:L/PR:N/UI:N) makes opportunistic abuse against exposed sites realistic. No CISA KEV listing or EPSS score is provided in the input.

Authentication Bypass WordPress Wordpress Dating Theme
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2026-22342 HIGH This Week

Cross-Site Request Forgery in PremiumPress WordPress Dating Theme versions 11.2.0 and earlier allows remote attackers to coerce authenticated victims into performing unintended state-changing actions, with Patchstack documenting an account takeover path. The CVSS 8.8 rating reflects high impact on confidentiality, integrity, and availability when a targeted user is tricked into visiting attacker-controlled content. No public exploit identified at time of analysis and the theme has not been listed in CISA KEV.

CSRF WordPress Wordpress Dating Theme
NVD
CVSS 3.1
8.8
EPSS
0.2%
EPSS 0% CVSS 8.6
HIGH This Week

Unauthenticated broken access control in PremiumPress WordPress Dating Theme through version 11.2.0 allows remote attackers to reach restricted functionality without credentials, resulting in high confidentiality impact and limited integrity and availability impact. The flaw was disclosed via Patchstack and currently has no public exploit identified at time of analysis, but the network-reachable, no-interaction vector (AV:N/AC:L/PR:N/UI:N) makes opportunistic abuse against exposed sites realistic. No CISA KEV listing or EPSS score is provided in the input.

Authentication Bypass WordPress Wordpress Dating Theme
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery in PremiumPress WordPress Dating Theme versions 11.2.0 and earlier allows remote attackers to coerce authenticated victims into performing unintended state-changing actions, with Patchstack documenting an account takeover path. The CVSS 8.8 rating reflects high impact on confidentiality, integrity, and availability when a targeted user is tricked into visiting attacker-controlled content. No public exploit identified at time of analysis and the theme has not been listed in CISA KEV.

CSRF WordPress Wordpress Dating Theme
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy