Missing Authorization Vulnerability in Traveler by ShineTheme
CVE-2025-59011

7.5HIGH

Key Information:

Vendor: WordPress
Status: Traveler
Vendor: CVE Published:; 26 September 2025

What is CVE-2025-59011?

A missing authorization vulnerability in the Traveler theme by ShineTheme allows attackers to exploit improperly configured access control settings. This flaw can lead to unauthorized access, enabling malicious actors to manipulate sensitive data or perform actions that should be restricted. It is crucial for users of the Traveler theme to implement the latest security measures and updates to safeguard their websites from potential threats.

Affected Version(s)

Traveler < 3.2.3

References

https://patchstack.com/database/wordpress/theme/traveler/...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 26, 2025
Vulnerability Reserved
Sep 6, 2025

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)

JSON

WordPress

What is CVE-2025-59011?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit