CVE-2025-53302 WordPress Constructor theme <= 1.6.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5...

CVE-2025-53302 WordPress Constructor theme <= 1.6.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5...

CVE-2025-9194

The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a them...

CVE-2025-9194

The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a them...

CVE-2025-9194 Constructor <= 1.6.5 - Missing Authorization to Authenticated (Subscriber+) Theme Clean

The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a them...

EUVD-2025-32249

The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a them...

CVE-2025-9194 Constructor <= 1.6.5 - Missing Authorization to Authenticated (Subscriber+) Theme Clean

The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a them...

CVE-2025-9194

CVE-2025-9194 concerns the WordPress plugin Constructor (versions up to 1.6.5). The issue is a missing capability check in the clean() function, enabling authenticated attackers with Subscriber-level access or higher to trigger a theme clean and modify data. Public sources (e.g., PT-2025-40485) n...

PT-2025-40485

Name of the Vulnerable Software and Affected Versions Constructor theme for WordPress versions prior to 1.6.6 Description The Constructor theme for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the clean function. Authenticated...

WordPress Constructor Theme <= 1.6.5 is vulnerable to Broken Access Control

Software Constructor Type Theme Vulnerable versions = 1.6.5 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2025-9194 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID f6d9c8944054 Credits Sulabh Jain pentestmonkey11 Required...