{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1778", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-28T11:08:22.545Z", "datePublished": "2025-06-06T05:22:42.535Z", "dateUpdated": "2026-04-08T17:20:51.025Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:20:51.025Z"}, "affected": [{"vendor": "SeaTheme", "product": "Art Theme", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.12.2.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'arttheme_theme_option_restore' AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the theme option."}], "title": "Art Theme <= 3.12.2.3 - Missing Authorization to Authenticated (Subscriber+) Theme Option Delete", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c54c1fab-634d-4d1a-8234-8f1ae41c7cd4?source=cve"}, {"url": "https://themeforest.net/item/art-simple-clean-wordpress-theme-for-creatives/20170299"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "timeline": [{"time": "2025-02-28T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-02-28T00:00:00.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-06-05T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-06T15:44:06.816586Z", "id": "CVE-2025-1778", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-06T16:10:04.782Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1778", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-06T15:44:06.816586Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-06T15:44:08.381Z"}}], "cna": {"title": "Art Theme <= 3.12.2.3 - Missing Authorization to Authenticated (Subscriber+) Theme Option Delete", "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "SeaTheme", "product": "Art Theme", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.12.2.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-02-28T00:00:00.000+00:00", "value": "Discovered"}, {"lang": "en", "time": "2025-02-28T00:00:00.000+00:00", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-06-05T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c54c1fab-634d-4d1a-8234-8f1ae41c7cd4?source=cve"}, {"url": "https://themeforest.net/item/art-simple-clean-wordpress-theme-for-creatives/20170299"}], "descriptions": [{"lang": "en", "value": "The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'arttheme_theme_option_restore' AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the theme option."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-06-06T05:22:42.535Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1778", "state": "PUBLISHED", "dateUpdated": "2025-06-06T16:10:04.782Z", "dateReserved": "2025-02-28T11:08:22.545Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-06-06T05:22:42.535Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'arttheme_theme_option_restore' AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the theme option."}, {"lang": "es", "value": "El tema Art para WordPress es vulnerable a accesos no autorizados debido a la falta de comprobaci\u00f3n de la funci\u00f3n AJAX \u00abarttheme_theme_option_restore\u00bb en todas las versiones hasta la 3.12.2.3 incluida. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, eliminen la opci\u00f3n del tema."}], "id": "CVE-2025-1778", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-06-06T06:15:31.397", "references": [{"source": "security@wordfence.com", "url": "https://themeforest.net/item/art-simple-clean-wordpress-theme-for-creatives/20170299"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c54c1fab-634d-4d1a-8234-8f1ae41c7cd4?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T20:25:59.976231+00:00", "value": {"mitigation_remediation": ["Upgrade SeaTheme:Art Theme to version 3.12.2.4 or later, which includes the missing capability check.", "Remove or disable the arttheme_theme_option_restore AJAX action for subscriber-level users through custom code or a security plugin.", "Restrict the manage_options capability to administrator role only, removing it from subscriber and editor roles if possible.", "Monitor for unauthorized attempts to delete theme options by analyzing WordPress logs or by enabling relevant audit logs."], "summary": {"action": "Patch", "impact": "Unauthorized Theme Option Deletion"}, "threat_synthesis": {"affected_systems": "SeaTheme:Art Theme for WordPress versions 3.12.2.3 and earlier are vulnerable. Users running any release up to 3.12.2.3 should update or mitigate to remove the risk.", "description_and_impact": "The Art Theme for WordPress contains a missing capability check on the AJAX endpoint \"arttheme_theme_option_restore\" in all versions up to and including 3.12.2.3. This flaw allows any authenticated user with subscriber-level access or higher to trigger the deletion of theme options, which can alter site appearance and disrupt theme functionality. The vulnerability does not provide code execution or broader system compromise, but it enables destructive configuration changes that degrade user experience.", "risk_and_exploitability": "The CVSS score of 4.3 indicates moderate impact, while the EPSS score of less than 1% suggests a low probability of exploitation. The issue is not listed in the CISA KEV catalog. Exploitation requires the attacker to be authenticated at the subscriber level or higher and to access the unauthenticated AJAX endpoint, making the attack remote but credential-dependent."}}}}, "created": "2026-04-21T20:30:27.402036+00:00", "updated": "2026-04-21T20:30:27.402045+00:00", "vendors": []}