GHSA-q2p3-v4q2-729hMediumCVSS 4.3

The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability...

Published
June 27, 2026
Last Modified
June 27, 2026

🔗 CVE IDs covered (1)

📋 Description

The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activate_plugin function in all versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate a limited set of plugins.

🔗 References (6)