Lucene search
+L

8 matches found

redhatcve
redhatcve
added 2025/09/19 11:27 a.m.21 views

CVE-2025-8999

The Sydney theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodules' function in all versions up to, and including, 2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate...

5.3CVSS5.1AI score0.00262EPSS
Exploits0References1
nvd
nvd
added 2025/09/17 12:15 p.m.3 views

CVE-2025-8999

The Sydney theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodules' function in all versions up to, and including, 2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate...

5.3CVSS0.00262EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2025/09/17 11:25 a.m.2 views

CVE-2025-8999 Sydney <= 2.56 - Missing Authorization to Authenticated (Subscriber+) Limited Theme Options Update

The Sydney theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodules' function in all versions up to, and including, 2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate...

5.3CVSS4.8AI score0.00262EPSS
Exploits0References5
cvelist
cvelist
added 2025/09/17 11:25 a.m.11 views

CVE-2025-8999 Sydney <= 2.56 - Missing Authorization to Authenticated (Subscriber+) Limited Theme Options Update

The Sydney theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodules' function in all versions up to, and including, 2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate...

5.3CVSS0.00262EPSS
Exploits0References5
cve
cve
added 2025/09/17 11:25 a.m.16 views

CVE-2025-8999

CVE-2025-8999 documents a vulnerability in the WordPress Sydney theme (versions

5.3CVSS4.8AI score0.00262EPSS
Exploits0References5
patchstack
patchstack
added 2025/09/17 12:11 a.m.7 views

WordPress Sydney plugin <= 2.56 - Missing Authorization to Authenticated (Subscriber+) Limited Theme Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Theme Options Update vulnerability discovered by Dmitrii Ignatyev in WordPress Theme Sydney versions = 2.56...

5.3CVSS7AI score0.00262EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2025/09/17 12:0 a.m.5 views

PT-2025-38145

Name of the Vulnerable Software and Affected Versions: Sydney theme for WordPress versions prior to 2.57 Description: The Sydney theme for WordPress is susceptible to unauthorized data modification due to a missing capability check on the activate modules function. This allows authenticated...

5.3CVSS5.7AI score0.00262EPSS
Exploits0References9
patchstack
patchstack
added 2025/09/17 12:0 a.m.6 views

WordPress Sydney Theme <= 2.56 is vulnerable to Broken Access Control

Software Sydney Type Theme Vulnerable versions = 2.56 Fixed in 2.57 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2025-8999 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 2b984ceb50d6 Credits Dmitrii Ignatyev Required privilege...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder