{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32337", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:10:25.226Z", "datePublished": "2026-03-13T11:41:56.507Z", "dateUpdated": "2026-04-29T09:51:57.625Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "preschool-and-kindergarten", "product": "Preschool and Kindergarten", "vendor": "raratheme", "versions": [{"changes": [{"at": "1.2.6", "status": "unaffected"}], "lessThanOrEqual": "1.2.5", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:04:37.693Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in raratheme Preschool and Kindergarten preschool-and-kindergarten allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Preschool and Kindergarten: from n/a through <= 1.2.5.</p>"}], "value": "Missing Authorization vulnerability in raratheme Preschool and Kindergarten preschool-and-kindergarten allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Preschool and Kindergarten: from n/a through <= 1.2.5."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:51:57.625Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/preschool-and-kindergarten/vulnerability/wordpress-preschool-and-kindergarten-theme-1-2-5-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Preschool and Kindergarten theme <= 1.2.5 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T19:25:14.246993Z", "id": "CVE-2026-32337", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T19:25:35.939Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in raratheme Preschool and Kindergarten preschool-and-kindergarten allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Preschool and Kindergarten: from n/a through <= 1.2.5."}, {"lang": "es", "value": "Vulnerabilidad de falta de autorizaci\u00f3n en raratheme Preschool and Kindergarten preschool-and-kindergarten permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Preschool and Kindergarten: desde n/a hasta &lt;= 1.2.5."}], "id": "CVE-2026-32337", "lastModified": "2026-04-22T21:30:26.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-13T19:54:44.493", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/preschool-and-kindergarten/vulnerability/wordpress-preschool-and-kindergarten-theme-1-2-5-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.2.5]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[1.2.6,*]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 99.0, "source": "matching"}]}, "original": {"product": "Preschool and Kindergarten", "source": "cna", "vendor": "raratheme"}, "product": "preschool_and_kindergarten", "vendor": "rarathemes"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-19T15:02:17.772073+00:00", "value": {"mitigation_remediation": ["Upgrade the Preschool and Kindergarten theme to the latest version that resolves the missing authorization flaw.", "Verify the theme configuration to ensure that all access controls are correctly enforced and that file editing via the WordPress dashboard is disabled if not needed."], "summary": {"action": "Patch Immediately", "impact": "Unauthorized Access"}, "threat_synthesis": {"affected_systems": "The affected product is the raratheme Preschool and Kindergarten WordPress theme, versions n/a through 1.2.5. Any WordPress installation using this theme from its initial release up to and including version 1.2.5 is at risk. Specific version data from the CNA identifies the entire range of versions up to 1.2.5 as impacted.", "description_and_impact": "The vulnerability is a missing authorization flaw in the raratheme Preschool and Kindergarten theme, allowing attackers to exploit incorrectly configured access control security levels. This flaw can enable individuals to gain unauthorized access to administrative functions or sensitive data without proper authentication, potentially altering theme settings, uploading malicious code, or accessing privileged information. The weakness is identified as CWE-862, which indicates a missing or incorrect access control check.", "risk_and_exploitability": "The CVSS base score is 5.3, indicating a moderate severity. The EPSS score is reported as less than 1%, suggesting a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The attack vector is not explicitly defined in the provided data; however, based on typical WordPress theme interactions, it is inferred that the flaw can be exploited remotely via web requests to privileged pages or administrative endpoints. No prerequisites beyond accessing the affected theme's administrative interfaces are described, implying that an attacker could leverage this weakness with minimal effort once the site is reachable."}}}}, "created": "2026-03-16T09:37:31.725156+00:00", "updated": "2026-03-23T09:59:17.791926+00:00", "vendors": ["rarathemes", "rarathemes$PRODUCT$preschool_and_kindergarten", "wordpress", "wordpress$PRODUCT$wordpress"]}