🔐 CVE Alert

CVE-2024-33686

MEDIUM 4.3

Broken Access Control vulnerability affecting multiple WordPress themes by Extend Themes

CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th

Missing Authorization vulnerability in Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Vertice.This issue affects Pathway: from n/a through 1.0.15; Hugo WP: from n/a through 1.0.8; Althea WP: from n/a through 1.0.13; Elevate WP: from n/a through 1.0.15; Brite: from n/a through 1.0.11; Colibri WP: from n/a through 1.0.94; Vertice: from n/a through 1.0.7.

CWE CWE-862
Vendor extend themes
Product pathway
Published Apr 29, 2024
Last Updated Apr 28, 2026
Stay Ahead of the Next One

Get instant alerts for extend themes pathway

Be the first to know when new medium vulnerabilities affecting extend themes pathway are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Affected Versions

Extend Themes / Pathway
n/a ≤ 1.0.15
Extend Themes / Hugo WP
n/a ≤ 1.0.8
Extend Themes / Althea WP
n/a ≤ 1.0.13
Extend Themes / Elevate WP
n/a ≤ 1.0.15
Extend Themes / Brite
n/a ≤ 1.0.11
Extend Themes / Colibri WP
n/a ≤ 1.0.94
Extend Themes / Vertice
n/a ≤ 1.0.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗
patchstack.com: https://patchstack.com/database/vulnerability/pathway/wordpress-pathway-theme-1-0-15-cross-site-request-forgery-csrf-vulnerability patchstack.com: https://patchstack.com/database/vulnerability/hugo-wp/wordpress-hugo-wp-theme-1-0-8-broken-access-control-vulnerability patchstack.com: https://patchstack.com/database/vulnerability/althea-wp/wordpress-althea-wp-theme-1-0-13-broken-access-control-vulnerability patchstack.com: https://patchstack.com/database/vulnerability/elevate-wp/wordpress-elevate-wp-theme-1-0-15-broken-access-control-vulnerability patchstack.com: https://patchstack.com/database/vulnerability/brite/wordpress-brite-theme-1-0-11-broken-access-control-vulnerability patchstack.com: https://patchstack.com/database/vulnerability/colibri-wp/wordpress-colibri-wp-theme-1-0-94-broken-access-control-vulnerability patchstack.com: https://patchstack.com/database/vulnerability/vertice/wordpress-vertice-theme-1-0-7-broken-access-control-vulnerability

Credits

Dhabaleshwar Das (Patchstack Alliance)