CVE-2026-0676
Description
Missing Authorization vulnerability in G5Theme Zorka zorka allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zorka: from n/a through <= 1.5.7.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in the Zorka theme for WordPress up to version 1.5.7 allows unauthenticated attackers to exploit access control flaws.
The Zorka WordPress theme, developed by G5Theme, contains a missing authorization vulnerability that affects versions from n/a through 1.5.7. This flaw arises from incorrectly configured access control security levels, specifically a broken access control mechanism where functions do not properly verify user permissions or nonce tokens [1].
An attacker can exploit this vulnerability without needing prior authentication, as the missing checks allow unprivileged or unauthenticated users to execute actions that should require higher privileges. The attack vector is network-based with low complexity, and no user interaction is required, making it accessible to remote attackers [1].
Successful exploitation can allow an attacker to perform higher-privileged actions within the affected website. This type of vulnerability is frequently used in mass-exploit campaigns targeting thousands of sites simultaneously, regardless of their size or popularity [1].
The Zorka theme has been patched starting from version 1.5.8 onward. Users are strongly advised to update to the latest version. If updating is not immediately possible, consulting a hosting provider or web developer for assistance is recommended [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.