A vulnerability, which was classified as critical, has been found in solacewp Starter Template feature up to 1.5.3 on WordPress. The affected element is the function wp_ajax_nopriv_ of the file /wp-admin/profile.php of the component Authorization. The manipulation of the argument nonce leads to authorization bypass.

This vulnerability is referenced as CVE-2026-13250. Remote exploitation of the attack is possible. No exploit is available.