{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32370", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:10:59.411Z", "datePublished": "2026-03-13T11:42:06.611Z", "dateUpdated": "2026-04-29T09:51:58.117Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "influencer", "product": "Influencer", "vendor": "raratheme", "versions": [{"changes": [{"at": "1.1.8", "status": "unaffected"}], "lessThanOrEqual": "1.1.7", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:04:49.437Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Influencer: from n/a through <= 1.1.7.</p>"}], "value": "Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Influencer: from n/a through <= 1.1.7."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:51:58.117Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/influencer/vulnerability/wordpress-influencer-theme-1-1-7-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Influencer theme <= 1.1.7 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32370", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T18:45:09.443848Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:53:31.189Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32370", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T18:45:09.443848Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:45:10.174Z"}}], "cna": {"title": "WordPress Influencer theme <= 1.1.7 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "raratheme", "product": "Influencer", "versions": [{"status": "affected", "changes": [{"at": "1.1.8", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "1.1.7"}], "packageName": "influencer", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T16:04:49.437Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/influencer/vulnerability/wordpress-influencer-theme-1-1-7-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Influencer: from n/a through <= 1.1.7.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Influencer: from n/a through <= 1.1.7.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T14:16:01.095Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32370", "state": "PUBLISHED", "dateUpdated": "2026-04-01T14:16:01.095Z", "dateReserved": "2026-03-12T11:10:59.411Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-13T11:42:06.611Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Influencer: from n/a through <= 1.1.7."}, {"lang": "es", "value": "Vulnerabilidad por falta de autorizaci\u00f3n en raratheme Influencer influencer permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Influencer: desde n/a hasta &lt;= 1.1.7."}], "id": "CVE-2026-32370", "lastModified": "2026-04-22T21:30:26.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-13T19:54:51.350", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/influencer/vulnerability/wordpress-influencer-theme-1-1-7-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.1.7]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "1.1.8"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Influencer", "source": "cna", "vendor": "raratheme"}, "product": "influencer", "vendor": "raratheme"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-19T16:19:40.525956+00:00", "value": {"mitigation_remediation": ["Update the Influencer theme to version 1.1.8 or newer as soon as a patch is available."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The raratheme Influencer WordPress theme is vulnerable in all releases from its earliest version through version 1.1.7 inclusive. Any installation of the theme with a version number less than or equal to 1.1.7 is within scope.", "description_and_impact": "The vulnerability exists because the Influencer WordPress theme incorrectly configures access control security levels, allowing users who normally lack certain privileges to perform unauthorized actions. This flaw, identified as CWE-862, can lead to malicious content manipulation and configuration changes on the affected WordPress site.", "risk_and_exploitability": "The CVSS base score of 5.3 denotes medium severity. An EPSS score of less than 1% suggests a low likelihood of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. The description does not specify an attack vector, but based on the nature of the flaw it is inferred that exploitation could occur via the website\u2019s front\u2011end or back\u2011end interfaces, targeting users with insufficient privileges."}}}}, "created": "2026-03-16T09:34:38.537392+00:00", "updated": "2026-03-23T09:58:48.005311+00:00", "vendors": ["raratheme", "raratheme$PRODUCT$influencer", "wordpress", "wordpress$PRODUCT$wordpress"]}