CVE-2026-23973 WordPress Golo theme < 1.7.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uxper Golo golo allows Reflected XSS.This issue affects Golo: from n/a through 1.7.5...

WordPress Golo theme <= 1.7.0 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Golo versions = 1.7.0...

WordPress Golo theme < 1.7.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Golo versions 1.7.5...

CVE-2026-23974 WordPress Golo theme < 1.7.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through 1.7.5...

CVE-2025-54725 WordPress Golo Theme <= 1.7.0 - Broken Authentication Vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo golo allows Authentication Abuse.This issue affects Golo: from n/a through = 1.7.0...

WordPress Golo Theme <= 1.7.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Bonds in WordPress Theme Golo versions = 1.7.1...

WordPress Golo Theme <= 1.7.0 - Broken Authentication Vulnerability

Broken Authentication Vulnerability discovered by Rau má đậu xanh in WordPress Theme Golo versions = 1.7.0...

WordPress Golo Theme <= 1.7.0 is vulnerable to Broken Authentication

Software Golo Type Theme Vulnerable versions = 1.7.0 Fixed in 1.7.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2025-54725 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID a2ab39e8e113 Credits Aiden Required...

WordPress Golo theme <= 1.6.10 - Missing Authorization to Privilege Escalation via Unauthenticated Arbitrary User Password Change vulnerability

Missing Authorization to Privilege Escalation via Unauthenticated Arbitrary User Password Change vulnerability discovered by Lucio Sá in WordPress Theme Golo versions = 1.6.10...