Basic vulnerability information
Vulnerability name: Broken Access Control
Severity level: Medium priority
Affected versions: WordPress xSmart Theme <= 1.2.9.4
CVSS score: 6.5
Published: 12 Jan, 2026
Reported by: Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity)
Reported on: 8 Sep, 2025

Vulnerability description
Risk: This vulnerability is moderately dangerous and is expected to become exploited.
Description: A broken access control issue refers to a missing authorization, authentication or nonce token check in a function, which could lead to an unprivileged user executing a certain higher-privileged action.

Solution
Recommendation: It is recommended to mitigate or resolve the vulnerability immediately.
Solution provided by Patchstack: Patchstack has issued a mitigation rule to block any attacks until an official fix becomes available and can be tested and safely applied.

Details
Software: xSmart
Type: Theme
Vulnerable versions: <= 1.2.9.4
OWASP Top 10: A1: Broken Access Control