CVE-2025-69344
Missing Authorization in ThemeHunk Oneline Lite Enables Unauthorized Access
Publication date: 2026-01-07
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| themehunk | oneline_lite | to 6.6 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA. [1]
Can you explain this vulnerability to me?
CVE-2025-69344 is a broken access control vulnerability in the WordPress Oneline Lite Theme (up to version 6.6). It occurs due to missing authorization, authentication, or nonce token checks in certain functions, which allows users with low privileges (subscriber-level) to perform actions that should be restricted to higher-privileged roles such as developers. [1]
How can this vulnerability impact me? :
This vulnerability allows unprivileged users to perform actions reserved for higher-privileged roles, potentially leading to unauthorized changes or actions within the WordPress theme. However, the impact is considered low with a CVSS score of 4.3, and the risk of exploitation is not significant. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update the WordPress Oneline Lite Theme to version 6.7 or later, as this version contains the fix for the broken access control issue. [1]