{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22407", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-07T12:21:56.449Z", "datePublished": "2026-01-22T16:52:37.888Z", "dateUpdated": "2026-04-28T16:56:45.316Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "roam", "product": "Roam", "vendor": "Mikado-Themes", "versions": [{"lessThanOrEqual": "2.1.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:21:14.365Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Roam: from n/a through <= 2.1.1.</p>"}], "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through <= 2.1.1."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:43.253Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/roam/vulnerability/wordpress-roam-theme-2-1-1-insecure-direct-object-references-idor-vulnerability?_s_id=cve"}], "title": "WordPress Roam theme <= 2.1.1 - Insecure Direct Object References (IDOR) vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T18:37:12.383807Z", "id": "CVE-2026-22407", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T16:56:45.316Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22407", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-27T18:37:12.383807Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T18:37:09.178Z"}}], "cna": {"title": "WordPress Roam theme <= 2.1.1 - Insecure Direct Object References (IDOR) vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mikado-Themes", "product": "Roam", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.1.1"}], "packageName": "roam", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:21:14.365Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/roam/vulnerability/wordpress-roam-theme-2-1-1-insecure-direct-object-references-idor-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through <= 2.1.1.", "supportingMedia": [{"type": "text/html", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Roam: from n/a through <= 2.1.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:43.253Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22407", "state": "PUBLISHED", "dateUpdated": "2026-04-28T16:56:45.316Z", "dateReserved": "2026-01-07T12:21:56.449Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-01-22T16:52:37.888Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through <= 2.1.1."}, {"lang": "es", "value": "Vulnerabilidad de elusi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en Mikado-Themes Roam roam permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Roam: desde n/a hasta &lt;= 2.1.1."}], "id": "CVE-2026-22407", "lastModified": "2026-04-28T19:36:35.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2026-01-22T17:16:33.790", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/roam/vulnerability/wordpress-roam-theme-2-1-1-insecure-direct-object-references-idor-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-16T07:46:56.428639+00:00", "value": {"mitigation_remediation": ["Upgrade the Roam theme to a version later than 2.1.1 that contains the fix.", "If an immediate upgrade is not possible, deploy server\u2011side access checks for all object requests to enforce proper permissions.", "Consider implementing a web\u2011application firewall rule that blocks requests attempting to access objects the user is not authorized to view."], "summary": {"action": "Update Theme", "impact": "Authorization Bypass via IDOR"}, "threat_synthesis": {"affected_systems": "Affected systems are WordPress sites using the Mikado-Themes Roam theme through version 2.1.1. The issue applies to any installation that has not yet upgraded beyond this release.", "description_and_impact": "The Mikado-Themes Roam theme contains an Authorization Bypass Through User\u2011Controlled Key vulnerability, also known as IDOR, allowing an attacker to request resources that they are not authorized to access. This flaw stems from incorrectly configured access control security levels. If exploited, an attacker could read or modify protected content, leading to confidentiality or integrity violations.", "risk_and_exploitability": "The CVSS score of 5.4 indicates moderate impact. The EPSS score shows a less than 1% likelihood of exploitation, suggesting a low probability under current threat conditions. The vulnerability is not listed in CISA\u2019s KEV catalog. Attacks would likely exploit direct URL manipulation to access privileged objects; this inference is drawn from the description of an IDOR flaw and the nature of the weakness (CWE\u2011639)."}}}}, "created": "2026-01-23T16:27:35.837557+00:00", "updated": "2026-04-16T08:00:11.177975+00:00", "vendors": ["mikado-themes", "mikado-themes$PRODUCT$roam", "wordpress", "wordpress$PRODUCT$wordpress"]}