CVE-2026-22343
Deferred Deferred - Pending Action

Unauthenticated Broken Access Control in WordPress Dating Theme

Vulnerability report for CVE-2026-22343, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description

Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-07-07
AI Q&A
2026-06-17
EPSS Evaluated
2026-07-06
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
patchstack wordpress_dating_theme to 11.2.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-22343 is a high-priority Broken Access Control vulnerability found in the WordPress Dating Theme version 11.2.0 or earlier.

This flaw allows attackers to perform unauthorized actions because of missing authorization, authentication, or nonce token checks.

Essentially, it means that an attacker can bypass normal access controls without needing to log in or prove their identity.

Impact Analysis

Exploitation of this vulnerability can lead to unauthorized actions on affected websites using the vulnerable WordPress Dating Theme.

Because the vulnerability allows attackers to bypass access controls without authentication, it can compromise the confidentiality, integrity, and availability of the website.

This could affect thousands of websites, potentially leading to data breaches, unauthorized data modification, or service disruption.

Mitigation Strategies

The WordPress Dating Theme version 11.2.0 or earlier is vulnerable to a high-priority Broken Access Control issue.

Immediate actions advised include updating the theme to a newer version if available or seeking assistance from a hosting provider or developer.

Since no official patch is currently available, Patchstack has issued a mitigation rule to block attacks until an official fix is released.

Detection Guidance

The vulnerability in WordPress Dating Theme versions 11.2.0 or earlier is due to broken access control allowing unauthenticated unauthorized actions. Detection typically involves monitoring for unauthorized access attempts or suspicious requests targeting the theme's endpoints.

Since no official patch is available and the vulnerability involves missing authorization checks, detection can be attempted by analyzing web server logs for unusual or unauthorized requests to the WordPress Dating Theme resources.

Specific commands are not provided in the available resources, but general approaches include using tools like curl or wget to simulate unauthorized requests to the theme's endpoints and checking if access is improperly granted.

For example, you might use commands such as:

  • curl -I http://yourwordpresssite.com/wp-content/themes/dating-theme/some-protected-resource
  • grep -i 'dating-theme' /var/log/apache2/access.log | grep 'HTTP/1.1" 200'

These commands help identify if unauthorized access is possible by checking HTTP response headers or log entries indicating successful access without authentication.

It is also recommended to apply the mitigation rule provided by Patchstack or consult with your hosting provider or developer for more tailored detection and protection strategies.

Compliance Impact

The provided information does not specify how the CVE-2026-22343 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22343. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart