Access Control Vulnerability in Porto Theme Functionality by WordPress
CVE-2025-63067
4.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 9 December 2025
What is CVE-2025-63067?
A missing authorization vulnerability exists in the Porto Theme Functionality, allowing attackers to exploit incorrectly configured access control security levels. This flaw affects version 3.6.2 and earlier, potentially allowing unauthorized access to sensitive functions and features within the theme, thereby exposing users to various security risks.
Affected Version(s)
Porto Theme - Functionality 0 <= 3.7.3
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program