CVE-2025-58210: 
WordPress vulnerability analysis and mitigation

Missing Authorization vulnerability (CVE-2025-58210) affects ThemeMove Makeaholic WordPress theme versions through 1.8.5. The vulnerability was discovered by Tran Nguyen Bao Khanh from VCI - VNPT Cyber Immunity and was disclosed on August 27, 2025. The issue has been assigned a CVSS v3.1 base score of 5.3 (Medium) (Patchstack).

The vulnerability is classified as a Missing Authorization (CWE-862) issue that allows exploiting incorrectly configured access control security levels. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges or user interaction, and has a limited impact on integrity while not affecting confidentiality or availability (NVD).

The vulnerability is characterized as a broken access control issue that could allow an unprivileged user to execute certain higher privileged actions. While the specific impact varies case by case, the CVSS scoring indicates a low severity impact that primarily affects the integrity of the system (Patchstack).

Users are advised to update to Makeaholic version 1.8.7 or later to remove the vulnerability. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).