WordPress Genemy theme <= 1.6.6 - Broken Access Control vulnerability
Description
Unauthenticated subscribers can access protected functions in Genemy theme <=1.6.6 due to missing authorization checks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A broken access control vulnerability exists in the Genemy WordPress theme, affecting versions up to and including 1.6.6. The theme fails to properly authorize requests or validate nonce tokens in certain functions, allowing unauthenticated or subscriber-level users to execute actions intended for higher-privileged roles [1].
Exploitation
An attacker with subscriber-level access, or even an unauthenticated attacker if the WordPress REST API is exposed, can trigger the vulnerable functions without proper authentication. The exact sequence depends on the specific missing check, but generally involves sending a crafted request to a function that should require administrator privileges [1].
Impact
Successful exploitation allows an unprivileged attacker to perform administrative actions, such as altering theme settings, modifying content, or escalating privileges. This can lead to full site compromise, including data disclosure, site defacement, or further injection attacks [1].
Mitigation
Update the Genemy theme to version 1.6.7 or later if available; otherwise, the only workaround is to restrict access to the affected functionality until a patched release is provided. According to the Patchstack advisory, the vulnerability is considered moderately dangerous and likely to be used in mass-exploit campaigns [1].
AI Insight generated on Jun 17, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (1)
News mentions (1)
- Wordfence Intelligence Weekly WordPress Vulnerability Report (May 25, 2026 to May 31, 2026) · Wordfence Blog · Jun 4, 2026