CVE-2026-22343

WordPress · Dating Theme

An unauthenticated broken access control vulnerability in the WordPress Dating Theme allows unauthorized users to access restricted functions or data.

Executive summary

The WordPress Dating Theme contains an unauthenticated access control flaw that permits unauthorized users to bypass security restrictions.

Vulnerability

The vulnerability originates from a failure to perform adequate capability checks on sensitive functions within the theme. This allows an unauthenticated attacker to invoke restricted backend processes that should only be accessible to privileged users.
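
The page does not publish the affected code, so the following is an added illustration of this bug class, not the Dating Theme's own code: a WordPress AJAX handler with no capability check, beside a hardened form. Every `exampletheme_*` name, the `nonce` field and the `manage_options` capability are hypothetical choices for the example.

```php
<?php
// Added illustration. All exampletheme_* names are hypothetical and are not
// taken from the Dating Theme.

// BEFORE: the action is also registered on the wp_ajax_nopriv_ hook, which
// serves logged-out visitors, and the handler never checks who is calling.
add_action( 'wp_ajax_exampletheme_save_unchecked', 'exampletheme_save_unchecked' );
add_action( 'wp_ajax_nopriv_exampletheme_save_unchecked', 'exampletheme_save_unchecked' );

function exampletheme_save_unchecked() {
    $value = sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) );
    update_option( 'exampletheme_setting', $value ); // privileged write, no authorization
    wp_send_json_success();
}

// AFTER: only the authenticated hook is registered, and the handler verifies
// a nonce (request origin) and a capability (authorization) before acting.
add_action( 'wp_ajax_exampletheme_save', 'exampletheme_save' );

function exampletheme_save() {
    // Third argument false: return false on failure instead of dying, so the
    // handler decides the response and status code.
    if ( ! check_ajax_referer( 'exampletheme_save', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    // The capability check is the control the advisory says is missing.
    // A nonce alone is not an authorization check.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    $value = sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) );
    update_option( 'exampletheme_setting', $value );
    wp_send_json_success();
}
```

When auditing theme code for this pattern, list every `wp_ajax_nopriv_` registration and confirm that each handler performing a privileged action calls `current_user_can()` before it does so.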

Business impact

This flaw carries a CVSS score of 8.6, indicating a high risk of unauthorized data exposure or administrative privilege escalation. Successful exploitation could lead to full site compromise and the unauthorized extraction of sensitive user or site information.

Remediation

Immediate Action: Apply the latest security update for the WordPress Dating Theme.

Proactive Monitoring: Monitor site traffic for unusual access patterns to administrative modules or restricted API endpoints.

Compensating Controls: Utilize a Web Application Firewall to block unauthorized access attempts to known administrative or plugin-specific directories.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Security teams must treat this vulnerability with high urgency. Patching the theme is the only definitive way to enforce proper access control and prevent unauthorized exploitation by unauthenticated actors.