{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22450", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-07T13:43:49.724Z", "datePublished": "2026-01-22T16:52:39.366Z", "dateUpdated": "2026-04-28T17:14:43.580Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net", "defaultStatus": "unaffected", "packageName": "donpeppe", "product": "Don Peppe", "vendor": "Select-Themes", "versions": [{"lessThanOrEqual": "1.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:21:15.911Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Select-Themes Don Peppe donpeppe allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Don Peppe: from n/a through <= 1.3.</p>"}], "value": "Missing Authorization vulnerability in Select-Themes Don Peppe donpeppe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Don Peppe: from n/a through <= 1.3."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:44.228Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/donpeppe/vulnerability/wordpress-don-peppe-theme-1-3-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Don Peppe theme <= 1.3 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T17:32:38.194635Z", "id": "CVE-2026-22450", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T17:14:43.580Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22450", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-07T13:43:49.724Z", "datePublished": "2026-01-22T16:52:39.366Z", "dateUpdated": "2026-04-28T17:14:43.580Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net", "defaultStatus": "unaffected", "packageName": "donpeppe", "product": "Don Peppe", "vendor": "Select-Themes", "versions": [{"lessThanOrEqual": "1.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:21:15.911Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Select-Themes Don Peppe donpeppe allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Don Peppe: from n/a through <= 1.3.</p>"}], "value": "Missing Authorization vulnerability in Select-Themes Don Peppe donpeppe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Don Peppe: from n/a through <= 1.3."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:44.228Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/donpeppe/vulnerability/wordpress-don-peppe-theme-1-3-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Don Peppe theme <= 1.3 - Broken Access Control vulnerability"}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22450", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-27T17:32:38.194635Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T17:32:23.108Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Select-Themes Don Peppe donpeppe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Don Peppe: from n/a through <= 1.3."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Select-Themes Don Peppe donpeppe permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Don Peppe: desde n/a hasta &lt;= 1.3."}], "id": "CVE-2026-22450", "lastModified": "2026-04-28T19:36:38.283", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2026-01-22T17:16:34.663", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/donpeppe/vulnerability/wordpress-don-peppe-theme-1-3-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-16T07:44:07.256120+00:00", "value": {"mitigation_remediation": ["Update the Don Peppe theme to a version newer than 1.3 once the vendor releases a patched build. ", "If an update cannot be applied immediately, remove or deactivate the theme on all sites and clean up any lingering theme files to prevent accidental execution. ", "Configure the WordPress installation\u2019s role and capability settings to restrict access to theme management\u2014ensuring only administrators can modify theme options\u2014and monitor logs for any anomalous access attempts."], "summary": {"action": "Patch", "impact": "Broken Access Control allowing unauthorized access to theme functionality"}, "threat_synthesis": {"affected_systems": "The affected product is the Select\u2011Themes Don Peppe theme for WordPress, with all versions from the initial release up to and including 1.3 susceptible to the flaw.", "description_and_impact": "The vulnerability is a missing authorization flaw in the Don Peppe WordPress theme. Because access control checks are incorrectly configured, attackers can gain unauthorized access to theme management features, potentially modifying settings, uploading files, or creating content without permission. This weakness is categorized as CWE-862, indicating that the code fails to check for proper privileges before executing sensitive operations.", "risk_and_exploitability": "The CVSS score of 4.3 rates the issue as low severity, and the EPSS score indicates a very small probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote, where a web request targeting privileged theme endpoints bypasses authentication checks. While no confirmed public exploits exist, the possibility of abuse exists if the theme is installed in an otherwise secure environment."}}}}, "created": "2026-01-23T16:28:13.893310+00:00", "updated": "2026-04-16T07:45:06.025053+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}