CVE-2025-62028: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2025-62028) was identified in ThemeNectar's Salient WordPress theme affecting versions prior to 17.4.0. The vulnerability was discovered by João Pedro S Alcântara (Kinorth) and was publicly disclosed on October 16, 2025 (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) with a CVSS v3.1 base score of 4.3 (Medium). The vulnerability vector is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating adjacent network attack vector, low attack complexity, no privileges required, no user interaction needed, unchanged scope, low confidentiality impact, and no impact on integrity or availability (NVD).

The vulnerability allows unprivileged users to execute certain higher privileged actions due to missing authorization, authentication, or nonce token checks in specific functions. The issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).

The vulnerability has been fixed in Salient theme version 17.4.0. Users are recommended to update to version 17.4.0 or later to remove the vulnerability. Due to the low severity impact, immediate mitigation is considered unnecessary (Patchstack).