CVE-2025-59563 PUBLISHED

WordPress Sonaar theme <= 4.27.4 - Privilege Escalation vulnerability

Assigner: Patchstack
Reserved: 17.09.2025 Published: 17.06.2026 Updated: 17.06.2026

Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions.

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 8.8

CVSS 3.1

Vendor	SONAAR MUSIC
Product	Sonaar
Versions	Default: unaffected affected from n/a to 4.27.4 (incl.)

Update the WordPress Sonaar theme to the latest available version (at least 4.27.5).

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program finder