CVE-2025-52803: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2025-52803) was discovered in uxper Sala theme affecting versions through 1.1.3. The vulnerability was reported on May 8, 2025, and publicly disclosed on July 8, 2025. This security issue allows unauthenticated users to access functionality not properly constrained by Access Control Lists (ACLs) (Patchstack).

The vulnerability is classified as a Broken Access Control issue with a CVSS v3.1 Base Score of 7.5 (High). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, indicating that it can be exploited over the network with low attack complexity, requires no privileges or user interaction, and has a high impact on integrity (Patchstack).

The vulnerability allows unprivileged users to execute higher privileged actions due to missing authorization, authentication, or nonce token checks. This broken access control issue is considered highly dangerous and is expected to become mass exploited (Patchstack).

Currently, there is no official fix available for this vulnerability. Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Users are advised to implement the virtual patch immediately for protection (Patchstack).