The themes suffer from a privilege escalation vulnerability, any authenticated user can trigger this vulnerability due to weak permissions checking. An attacker can update options, such as changing user’s default role, registration state and others, which may lead to executing commands/code on the server and taking over the website. Tested Versions: Simpolio 1.3.2 Pont 1.5 Teardrop 1.8.1 Vernissage 1.2.8