CVE-2025-4797: 
WordPress vulnerability analysis and mitigation

The Golo - City Travel Guide WordPress Theme contains a critical privilege escalation vulnerability (CVE-2025-4797) affecting all versions up to and including 1.7.0. The vulnerability was disclosed on June 3, 2025, and involves improper user identity validation during the authorization cookie setting process (NVD Database).

The vulnerability is classified as an authentication bypass using an alternate path or channel (CWE-288). It has received a CVSS v3.1 score of 9.8 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (Wiz Analysis).

The vulnerability enables unauthenticated attackers to perform account takeover attacks and gain unauthorized access to any user account, including administrator accounts, by only knowing the target user's email address. This can lead to complete site compromise and full control over affected WordPress installations (NVD Database).

Users of the Golo - City Travel Guide WordPress Theme should immediately update their installations to a version newer than 1.7.0 once available. In the interim, site administrators should implement additional security measures such as web application firewalls and monitoring for unauthorized access attempts (Wiz Analysis).