{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-69344", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-31T20:12:28.142Z", "datePublished": "2026-01-07T11:51:22.838Z", "dateUpdated": "2026-04-28T16:14:38.248Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "oneline-lite", "product": "Oneline Lite", "vendor": "themehunk", "versions": [{"changes": [{"at": "6.7", "status": "unaffected"}], "lessThanOrEqual": "6.6", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "John P | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:44:01.507Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in themehunk Oneline Lite oneline-lite allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Oneline Lite: from n/a through <= 6.6.</p>"}], "value": "Missing Authorization vulnerability in themehunk Oneline Lite oneline-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Oneline Lite: from n/a through <= 6.6."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:38.248Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/oneline-lite/vulnerability/wordpress-oneline-lite-theme-6-6-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Oneline Lite theme <= 6.6 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-07T14:24:37.727653Z", "id": "CVE-2025-69344", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-07T14:24:46.998Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-69344", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-07T14:24:37.727653Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-07T14:24:42.548Z"}}], "cna": {"title": "WordPress Oneline Lite theme <= 6.6 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "John P | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "themehunk", "product": "Oneline Lite", "versions": [{"status": "affected", "changes": [{"at": "6.7", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "6.6"}], "packageName": "oneline-lite", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:22:08.880Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/oneline-lite/vulnerability/wordpress-oneline-lite-theme-6-6-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in themehunk Oneline Lite oneline-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Oneline Lite: from n/a through <= 6.6.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in themehunk Oneline Lite oneline-lite allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Oneline Lite: from n/a through <= 6.6.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T14:14:00.920Z"}}}, "cveMetadata": {"cveId": "CVE-2025-69344", "state": "PUBLISHED", "dateUpdated": "2026-04-23T14:14:00.920Z", "dateReserved": "2025-12-31T20:12:28.142Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-01-07T11:51:22.838Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in themehunk Oneline Lite oneline-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Oneline Lite: from n/a through <= 6.6."}], "id": "CVE-2025-69344", "lastModified": "2026-04-23T15:36:22.683", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2026-01-07T12:17:06.557", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/oneline-lite/vulnerability/wordpress-oneline-lite-theme-6-6-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T18:21:24.405943+00:00", "value": {"mitigation_remediation": ["Verify the current Oneline Lite version and upgrade to the latest release that addresses the access\u2011control issue, if available.", "If no update is available, restrict administrative access to the WordPress dashboard to trusted users only and consider disabling the theme until a fix is released.", "Review the WordPress user roles and capabilities to ensure no users possess unnecessary permissions that could be leveraged against the theme.", "Install or configure a web application firewall to block anomalous requests targeting the theme\u2019s files or administrative paths."], "summary": {"action": "Assess Impact", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The affected product is the Oneline Lite theme from themehunk. All releases from the earliest version through version 6.6 are vulnerable, with the latest known vulnerable release being 6.6.", "description_and_impact": "This vulnerability is a missing authorization flaw in the Oneline Lite WordPress theme that allows an attacker to bypass normal access controls. Classified as CWE\u2011862, the flaw can enable an unauthenticated or minimally privileged user to perform privileged actions such as uploading or modifying theme files, thereby compromising site integrity and potentially executing malicious code.", "risk_and_exploitability": "The EPSS score indicates a very low probability of exploitation (<1\u202f%). Nevertheless, because the flaw leads to privilege escalation, the potential damage is significant if an attacker succeeds. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is the web interface of the WordPress site; any user with sufficient access to the admin dashboard or who can submit requests to theme files may exploit the broken access control. The CVSS score of 4.3 indicates a moderate level of severity."}}}}, "created": "2026-01-08T09:49:04.538771+00:00", "updated": "2026-04-28T18:30:37.330512+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}