CVE-2025-53348
Description
Missing Authorization vulnerability in Laborator Kalium kalium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kalium: from n/a through <= 3.18.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Kalium theme ≤3.18.3 has a missing authorization vulnerability allowing unprivileged attackers to exploit incorrectly configured access controls.
Vulnerability
Overview
CVE-2025-53348 is a missing authorization vulnerability in the Laborator Kalium WordPress theme, affecting versions from n/a through 3.18.3. The issue stems from incorrectly configured access control security levels, which means certain functions lack proper authorization checks, nonce tokens, or authentication requirements [1].
Exploitation
An unauthenticated or low-privileged attacker can exploit this broken access control to perform actions that should require higher privileges. The vulnerability is particularly dangerous because it can be used in mass-exploit campaigns targeting thousands of websites simultaneously, regardless of site traffic or popularity [1].
Impact
Successful exploitation allows an attacker to bypass intended access restrictions, potentially leading to unauthorized data access, modification, or other privileged operations within the affected WordPress installation. The CVSS v3 base score of 5.3 (Medium) reflects the moderate severity, though the ease of mass exploitation increases the real-world risk [1].
Mitigation
The vendor has not released a patch for versions beyond 3.18.3, and users are advised to update the theme immediately. If updating is not possible, contacting a hosting provider or web developer for assistance is recommended [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <=3.18.3
- (no CPE) range: <=3.18.3
Package: https://wordpress.org/themes/kalium
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.