Golo City Travel Guide Wordpress Theme
Approved changes feed: RSS · Atom
cpe:2.3:a:uxper:golo_-_city_travel_guide_wordpress_theme:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Uxper (6c56a358-8d6f-5c7d-9d6e-386b1220c2cf) |
|---|---|
| Product | Golo City Travel Guide Wordpress Theme (7d16c87e-18fa-5e78-a301-4b2c3e4ff5c3) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-4797 |
vulnerable | 2026-06-08 07:29:17.304218 |
Golo <= 1.7.0 - Authentication Bypass to Account Takeover
CRITICAL (9.8)
The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.7.0. This is due to the plugin not properly validating a user's identity prior to setting an authorization cookie. This makes it possible for unauthenticated attackers to log in as any user, including administrators, provided they know the user's email address. CVE-2025-54725 is likely a duplicate of this issue.
Published: 2025-06-03T04:22:16.085Z
Updated: 2026-04-08T17:30:25.504Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-12876 |
vulnerable | 2026-06-08 06:25:36.260949 |
Golo - Directory & Listing, Travel WordPress Theme <= 1.6.10 - Missing Authorization to Privilege Escalation via Unauthenticated Arbitrary User Password Change
CRITICAL (9.8)
The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
Published: 2025-03-07T08:21:28.125Z
Updated: 2026-04-08T17:30:15.226Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.