Access Control Flaw in Traveler Theme by ShineTheme
CVE-2025-63028

Currently unrated

Key Information:

Vendor

WordPress
Status
Traveler
Vendor
CVE Published:
9 December 2025

What is CVE-2025-63028?

The Traveler Theme by ShineTheme contains a significant access control vulnerability that arises from improperly configured security levels, allowing unauthorized access to protected areas. This flaw affects all versions up to and including 3.2.6, potentially enabling attackers to exploit the theme's oversight and gain access to restricted functionalities.

Affected Version(s)

Traveler <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Theme/trave...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program
JSON
.