VYPR

Golo

by WordPress

CVEs (7)

  • CVE-2025-54725CriAug 28, 2025
    risk 0.64cvss 9.8epss 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo golo allows Authentication Abuse.This issue affects Golo: from n/a through <= 1.7.0.

  • CVE-2025-4797CriJun 3, 2025
    risk 0.64cvss 9.8epss 0.00

    The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.7.0. This is due to the plugin not properly validating a user's identity prior to setting an authorization cookie.…

  • CVE-2026-23975HigJan 22, 2026
    risk 0.49cvss 7.5epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Golo golo allows PHP Local File Inclusion.This issue affects Golo: from n/a through < 1.7.5.

  • CVE-2026-23973HigMar 25, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo allows Reflected XSS.This issue affects Golo: from n/a through < 1.7.5.

  • CVE-2025-54724HigAug 28, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo allows Reflected XSS.This issue affects Golo: from n/a through <= 1.7.1.

  • CVE-2026-23974MedJan 22, 2026
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5.

  • CVE-2024-12876Mar 7, 2025
    risk 0.00cvss epss 0.00

    The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. This is due to the plugin not properly validating a user's identity prior to updating their password. This…