cbcvebase.

Uxper Golo vulnerabilities

8 known vulnerabilities affecting uxper/golo.

Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH3MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2024-12876P2CRITICALCVSS 9.8fixed in 1.6.112025-03-07
CVE-2024-12876 [CRITICAL] CWE-862 CVE-2024-12876: The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalati The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user
nvd
CVE-2025-54725P2CRITICALCVSS 9.8≤ 1.7.02025-08-28
CVE-2025-54725 [CRITICAL] CWE-288 CVE-2025-54725: Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo golo allows Aut Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo golo allows Authentication Abuse.This issue affects Golo: from n/a through <= 1.7.0.
nvd
CVE-2026-27051P2CRITICALCVSS 9.8≤ 1.7.02026-03-25
CVE-2026-27051 [CRITICAL] CWE-266 CVE-2026-27051: Incorrect Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation.This iss Incorrect Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation.This issue affects Golo: from n/a through <= 1.7.0.
nvd
CVE-2020-23790P3CRITICALCVSS 9.8v1.1.52021-05-12
CVE-2020-23790 [CRITICAL] CWE-434 CVE-2020-23790: An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v 1.1.5. An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v 1.1.5.
nvd
CVE-2026-23975P3HIGHCVSS 7.5≤ 1.7.52026-01-22
CVE-2026-23975 [HIGH] CWE-98 CVE-2026-23975: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Golo golo allows PHP Local File Inclusion.This issue affects Golo: from n/a through < 1.7.5.
nvd
CVE-2026-23974P4MEDIUMCVSS 5.3≤ 1.7.52026-01-22
CVE-2026-23974 [MEDIUM] CWE-862 CVE-2026-23974: Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Acce Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5.
nvd
CVE-2026-23973P4HIGHCVSS 7.1≤ 1.7.52026-03-25
CVE-2026-23973 [HIGH] CWE-79 CVE-2026-23973: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo allows Reflected XSS.This issue affects Golo: from n/a through < 1.7.5.
nvd
CVE-2025-54724P4HIGHCVSS 7.1≤ 1.7.12025-08-28
CVE-2025-54724 [HIGH] CWE-79 CVE-2025-54724: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo allows Reflected XSS.This issue affects Golo: from n/a through <= 1.7.1.
nvd
Uxper Golo vulnerabilities | cvebase