{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32341", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:10:35.809Z", "datePublished": "2026-03-13T11:41:57.194Z", "dateUpdated": "2026-04-29T09:51:57.636Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "benevolent", "product": "Benevolent", "vendor": "raratheme", "versions": [{"changes": [{"at": "1.4.0", "status": "unaffected"}], "lessThanOrEqual": "1.3.9", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:04:37.913Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in raratheme Benevolent benevolent allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Benevolent: from n/a through <= 1.3.9.</p>"}], "value": "Missing Authorization vulnerability in raratheme Benevolent benevolent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Benevolent: from n/a through <= 1.3.9."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:51:57.636Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/benevolent/vulnerability/wordpress-benevolent-theme-1-3-9-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Benevolent theme <= 1.3.9 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T20:18:10.318981Z", "id": "CVE-2026-32341", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T20:18:38.659Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32341", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T20:18:10.318981Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T20:17:30.662Z"}}], "cna": {"title": "WordPress Benevolent theme <= 1.3.9 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "raratheme", "product": "Benevolent", "versions": [{"status": "affected", "changes": [{"at": "1.4.0", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "<= 1.3.9"}], "packageName": "benevolent", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-03-13T12:41:17.115Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/benevolent/vulnerability/wordpress-benevolent-theme-1-3-9-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in raratheme Benevolent benevolent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Benevolent: from n/a through <= 1.3.9.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in raratheme Benevolent benevolent allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Benevolent: from n/a through <= 1.3.9.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-13T11:41:57.194Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32341", "state": "PUBLISHED", "dateUpdated": "2026-03-13T20:18:38.659Z", "dateReserved": "2026-03-12T11:10:35.809Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-13T11:41:57.194Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in raratheme Benevolent benevolent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Benevolent: from n/a through <= 1.3.9."}, {"lang": "es", "value": "Vulnerabilidad de Autorizaci\u00f3n Faltante en raratheme Benevolent benevolent permite Explotar Niveles de Seguridad de Control de Acceso Incorrectamente Configurados. Este problema afecta a Benevolent: desde n/a hasta &lt;= 1.3.9."}], "id": "CVE-2026-32341", "lastModified": "2026-04-22T21:30:26.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-13T19:54:45.260", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/benevolent/vulnerability/wordpress-benevolent-theme-1-3-9-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.3.9]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[1.4.0,*]"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "Benevolent", "source": "cna", "vendor": "raratheme"}, "product": "benevolent", "vendor": "rarathemes"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-19T15:01:33.604457+00:00", "value": {"mitigation_remediation": ["Update the Benevolent theme to the latest published version that corrects the access control issue; if a new release is not yet available, consider removing or disabling the theme until a patch is released.", "Verify that the updated theme enforces appropriate authorization by attempting to access protected pages as an unprivileged user.", "Apply WordPress core and plugin updates regularly and implement general hardening practices such as restricting file permissions, using a web application firewall, and monitoring logs for unauthorized activity."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Access via Broken Access Control"}, "threat_synthesis": {"affected_systems": "The affected product is the raratheme Benevolent theme for WordPress, with all releases from the earliest available version through version 1.3.9 susceptible to this weakness. The precise version range is noted as \"from n/a through <= 1.3.9\" in the vendor description.", "description_and_impact": "The vulnerability in the Benevolent theme arises from missing authorization checks that enable the exploitation of incorrectly configured access control security levels. As a result, an attacker who gains a user context may perform actions or view content that should be restricted to privileged users. This issue is formally identified as CWE-862, indicating an authorization flaw that can compromise the integrity and confidentiality of the web application.", "risk_and_exploitability": "The CVSS score of 5.3 places this vulnerability in the Medium severity range, while an EPSS score of less than 1% indicates a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, which suggests it has not been actively exploited by known threat actors at the time of reporting. The attack vector is inferred to be remote, via the WordPress front\u2011end or admin interface, assuming an attacker can host or overwrite theme files or otherwise trigger the missing authorization checks. Successful exploitation would allow an unauthenticated user to access protected areas or perform actions reserved for authenticated administrators."}}}}, "created": "2026-03-16T09:37:27.245099+00:00", "updated": "2026-03-23T09:59:14.178594+00:00", "vendors": ["rarathemes", "rarathemes$PRODUCT$benevolent", "wordpress", "wordpress$PRODUCT$wordpress"]}