Medium severity4.3NVD Advisory· Published Sep 5, 2025· Updated Apr 23, 2026

CVE-2025-58813

Description

Missing Authorization vulnerability in themearile Consultstreet consultstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Consultstreet: from n/a through <= 3.0.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The Consultstreet WordPress theme up to version 3.0.0 contains a missing authorization vulnerability allowing unauthenticated attackers to exploit incorrectly configured access controls.

Vulnerability

Overview The Consultstreet WordPress theme, versions up to and including 3.0.0, suffers from a missing authorization vulnerability [1]. This flaw stems from incorrectly configured access control security levels, allowing unauthenticated users to bypass intended permission checks.

Exploitation

Details Attackers can exploit this vulnerability without any prior authentication or special network position [1]. The reference indicates that such broken access control issues are commonly used in mass-exploit campaigns, targeting thousands of websites regardless of their size or popularity.

Impact

Successful exploitation could enable an attacker to perform actions that should be restricted to higher-privileged users, such as modifying theme settings or accessing sensitive data. However, the vulnerability is assessed as low severity and is considered unlikely to be exploited in practice [1].

Mitigation

Status The Consultstreet theme has not been updated for two months and is unlikely to receive further patches [1]. Simply deactivating the theme does not eliminate the security risk; a mitigation rule from Patchstack is required to block exploitation. Users are advised to replace the theme with an alternative.

References

Broken Access Control in WordPress Consultstreet Theme

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

WordPress/Consultstreetinferred2 versions
<=3.0.0+ 1 more
- (no CPE)range: <=3.0.0
- (no CPE)range: <=3.0.0
Package: https://wordpress.org/themes/consultstreet

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

patchstack.com/database/Wordpress/Theme/consultstreet/vulnerability/wordpress-consultstreet-theme-3-0-0-broken-access-control-vulnerabilitynvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000