CVE-2025-0515: 
WordPress vulnerability analysis and mitigation

The Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme contains a vulnerability (CVE-2025-0515) related to unauthorized modification of data. The vulnerability was discovered and disclosed on January 17, 2025, affecting all versions up to and including 2.0.4. This security issue impacts WordPress installations using the Buzz Club theme (NVD).

The vulnerability stems from a missing capability check in the 'cmsmastershideadmin_notice' function. The issue has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. The weakness is categorized as CWE-862 (Missing Authorization) (NVD).

The vulnerability allows authenticated attackers with Subscriber-level access or higher to update option values to 'hide' on the WordPress site. This can be exploited to create errors on the site leading to denial of service for legitimate users, or to modify certain settings such as registration values (NVD).

Users should update their Buzz Club WordPress theme to a version newer than 2.0.4 when available. The vulnerability has been reported and documented in the theme's official repository (ThemeForest).