WordPress Hub theme <= 5.0.7 - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated vulnerability

Missing Authorization to Authenticated Subscriber+ All Plugins Deactivated vulnerability discovered by Lucio Sá in WordPress Theme Hub versions = 1.2.12...

WordPress Hub Theme <= 1.2.12 is vulnerable to Broken Access Control

Software Hub Type Theme Vulnerable versions = 1.2.12 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2025-0951 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 57e47f19b73d Credits Lucio Sá Required...