CVE-2025-62028
Description
Missing Authorization vulnerability in ThemeNectar Salient salient.This issue affects Salient: from n/a through < 17.4.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in the Salient theme for WordPress allows unauthenticated users to access higher-privileged functions.
Vulnerability
Overview
CVE-2025-62028 is a missing authorization vulnerability in the Salient WordPress theme by ThemeNectar, affecting versions from n/a through 17.4.0. The issue stems from broken access control — specifically, a missing check for proper authorization or nonce tokens in a function, allowing unprivileged users to execute actions intended for higher-privilege roles [1].
Attack
Vector
The vulnerability can be exploited remotely without authentication, leveraging the broken access control to perform unauthorized actions. Attackers can target any site running the vulnerable theme version, and such flaws are frequently used in mass-exploit campaigns against thousands of websites [1].
Impact
Successful exploitation enables an attacker to bypass authorization restrictions and carry out actions that should only be available to authenticated users with elevated permissions. This could include modifying site content, settings, or other sensitive operations depending on the affected functionality.
Mitigation
ThemeNectar has released version 17.4.0 which addresses the issue. Users are strongly advised to update immediately. If updating is not possible, contacting a hosting provider or web developer for assistance is recommended [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: < 17.4.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.