Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
CitiLights Theme: Unauthorized Access to Sensitive Data
CVE-2026-25367
Summary
A security weakness in the CitiLights theme allows unauthorized access to sensitive data if access control settings are not properly configured. This affects versions of CitiLights up to 3.7.2. To stay secure, update to the latest version of the theme.
Original title
Missing Authorization vulnerability in NooTheme CitiLights noo-citilights allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CitiLights: from n/a through < 3...
Original description
Missing Authorization vulnerability in NooTheme CitiLights noo-citilights allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CitiLights: from n/a through < 3.7.2.
nvd CVSS3.1
5.3
Vulnerability type
CWE-862
Missing Authorization
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026