Uxper Golo
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Uxper Golo.
By the Year
In 2026 there have been 4 vulnerabilities in Uxper Golo with an average score of 7.4 out of ten. Last year, in 2025 Golo had 1 security vulnerability published. That is, 3 more vulnerabilities have already been reported in 2026 as compared to last year. Last year, the average CVE base score was greater by 2.38
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 4 | 7.43 |
| 2025 | 1 | 9.80 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 9.80 |
It may take a day or so for new Golo vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Uxper Golo Security Vulnerabilities
Golo <=1.7.0 Priv Escalation via Incorrect Priv Assign in uxper Golo component
CVE-2026-27051
9.8 - Critical
- March 25, 2026
Incorrect Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation.This issue affects Golo: from n/a through <= 1.7.0.
Incorrect Privilege Assignment
Golo <=1.7.5 Reflected XSS via Improper Neutralization (CVE-2026-23973)
CVE-2026-23973
7.1 - High
- March 25, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo allows Reflected XSS.This issue affects Golo: from n/a through < 1.7.5.
XSS
Missing Authorization in Golo Before 1.7.5 (uxper)
CVE-2026-23974
5.3 - Medium
- January 22, 2026
Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5.
AuthZ
PHP LFI in Golo <1.7.5 (CVE-2026-23975)
CVE-2026-23975
7.5 - High
- January 22, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Golo golo allows PHP Local File Inclusion.This issue affects Golo: from n/a through < 1.7.5.
Remote file include
Privilege Escalation via AT in Golo City Travel Guide WP Theme <=1.6.10
CVE-2024-12876
9.8 - Critical
- March 07, 2025
The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
AuthZ
An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v 1.1.5.
CVE-2020-23790
9.8 - Critical
- May 12, 2021
An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v 1.1.5.
Unrestricted File Upload
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Uxper Golo or by Uxper? Click the Watch button to subscribe.
