CVE-2025-67573
Description
Missing Authorization vulnerability in ThimPress Sailing sailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sailing: from n/a through < 4.4.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in ThimPress Sailing theme (<4.4.6) allows unauthenticated attackers to exploit broken access controls.
The Sailing theme for WordPress (versions prior to 4.4.6) contains a missing authorization vulnerability [1]. This means that certain functions or endpoints lack proper access control checks, allowing users without the required privileges to perform actions that should be restricted. The issue is classified as a broken access control vulnerability, which can be exploited by sending crafted requests to vulnerable endpoints without authentication [1]. Attackers can leverage this in mass-exploit campaigns targeting thousands of WordPress sites, regardless of traffic size or popularity.
Successful exploitation could allow an attacker to perform unauthorized actions, such as modifying settings or accessing sensitive data, depending on the specific missing authorization. The CVSS score of 5.3 indicates medium severity, reflecting the potential for unauthorized access but not full system compromise.
Mitigation is straightforward: the vendor has released version 4.4.6 to address the issue. Users are strongly advised to update immediately. If unable to update, consult a hosting provider or web developer for assistance [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.