Unauthorized Data Modification in Eco Nature WordPress Theme by CMSMasters
CVE-2025-0952
8.1HIGH
Key Information:
- Vendor
- Cmsmasters
- Status
- Eco Nature - Environment & Ecology WordPress Theme
- Vendor
- CVE Published:
- 14 March 2025
Summary
The Eco Nature - Environment & Ecology WordPress Theme is susceptible to unauthorized data modification due to a lack of capability checks on the 'cmsmasters_hide_admin_notice' AJAX action. This vulnerability affects all versions up to and including 2.0.4. Authenticated attackers with Subscriber-level access or higher can exploit this flaw to modify site options, potentially triggering errors that disrupt service for legitimate users. This could lead to a denial of service, as attackers can alter settings related to user registration and other critical functionalities.
Affected Version(s)
Eco Nature - Environment & Ecology WordPress Theme * <= 2.0.4
References
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Lucio Sá