{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32350", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:10:47.068Z", "datePublished": "2026-03-13T11:41:58.999Z", "dateUpdated": "2026-04-29T09:51:57.879Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "chocolate-house", "product": "Chocolate House", "vendor": "wpradiant", "versions": [{"changes": [{"at": "1.1.6", "status": "unaffected"}], "lessThanOrEqual": "1.1.5", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Legion Hunter | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:04:38.924Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Chocolate House: from n/a through <= 1.1.5.</p>"}], "value": "Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through <= 1.1.5."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:51:57.879Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/chocolate-house/vulnerability/wordpress-chocolate-house-theme-1-1-5-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Chocolate House theme <= 1.1.5 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32350", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T18:44:56.048647Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:53:30.907Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32350", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T18:44:56.048647Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:44:56.703Z"}}], "cna": {"title": "WordPress Chocolate House theme <= 1.1.5 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Legion Hunter | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "wpradiant", "product": "Chocolate House", "versions": [{"status": "affected", "changes": [{"at": "1.1.6", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "1.1.5"}], "packageName": "chocolate-house", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T16:04:38.924Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/chocolate-house/vulnerability/wordpress-chocolate-house-theme-1-1-5-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through <= 1.1.5.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Chocolate House: from n/a through <= 1.1.5.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:51:57.879Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32350", "state": "PUBLISHED", "dateUpdated": "2026-04-29T09:51:57.879Z", "dateReserved": "2026-03-12T11:10:47.068Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-13T11:41:58.999Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through <= 1.1.5."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en wpradiant Chocolate House chocolate-house permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Chocolate House: desde n/a hasta &lt;= 1.1.5."}], "id": "CVE-2026-32350", "lastModified": "2026-04-22T21:30:26.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-13T19:54:46.927", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/chocolate-house/vulnerability/wordpress-chocolate-house-theme-1-1-5-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.1.5]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[1.1.6,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Chocolate House", "source": "cna", "vendor": "wpradiant"}, "product": "chocolate_house", "vendor": "wpradiant"}], "analysis": {"en": {"generated_at": "2026-03-19T16:20:08.653562+00:00", "value": {"mitigation_remediation": ["Upgrade the Chocolate House theme to a version newer than 1.1.5. If an upgrade is not immediately possible, restrict access to the theme\u2019s administrative functionality so only privileged users can use it. Check the vendor\u2019s website or the theme\u2019s repository for any future updates or official patches."], "summary": {"action": "Update Theme", "impact": "Broken Access Control"}, "threat_synthesis": {"affected_systems": "The affected product is the WordPress Chocolate House theme from vendor wpradiant. The CVE impact text shows that the issue applies to all releases from the first release through version 1.1.5, as noted: \"Chocolate House: from n/a through <= 1.1.5\". Therefore any site running Chocolate House 1.1.5 or earlier is affected.", "description_and_impact": "This vulnerability is a Missing Authorization flaw in the wpradiant Chocolate House WordPress theme. Key detail from the description: \"Missing Authorization vulnerability ... allows Exploiting Incorrectly Configured Access Control Security Levels\". Because it is a broken access control problem (CWE-862), an attacker may gain unauthorized access to functionality that should be restricted. The description does not explicitly state which functions are exposed or the consequences, so it is unclear whether an attacker could modify content, upload files, or view sensitive data; these are not confirmed by the supplied data.", "risk_and_exploitability": "The CVSS score of 5.3 indicates a moderate risk. The EPSS score is less than 1%, indicating a low chance of exploitation currently. The vulnerability is not listed in the CISA KEV catalog. The attack vector is not explicitly provided in the description; the likely route is through web requests to the theme\u2019s administrative paths, but this is inferred rather than confirmed by the available information."}}}}, "created": "2026-03-16T09:34:56.207220+00:00", "updated": "2026-03-23T09:59:06.181596+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "wpradiant", "wpradiant$PRODUCT$chocolate_house"]}