- Description
- The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.7.0. This is due to the plugin not properly validating a user's identity prior to setting an authorization cookie. This makes it possible for unauthenticated attackers to log in as any user, including administrators, provided they know the user's email address.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-288
CVE-2025-4797 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeo..https://t.co/RcmiNaRcrg #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
8 Jun 2025
CVE-2025-4797 Golo - City Travel Guide WordPress Theme Unauthenticated Account Takeover Vulnerability https://t.co/Qlq2xMLkDC
@VulmonFeeds
3 Jun 2025
CVE-2025-4797 The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.7.0.… https://t.co/Yn4tFDLUjj
@CVEnew
3 Jun 2025
[CVE-2025-4797: CRITICAL] Vulnerability alert: Golo - City Travel Guide WordPress Theme is prone to privilege escalation via account takeover in versions up to 1.7.0. Attackers can impersonate any user. #Cyber...#cve,CVE-2025-4797,#cybersecurity https://t.co/wzoUJxhGwk https://t.
@CveFindCom
3 Jun 2025