{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32377", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:10:59.412Z", "datePublished": "2026-03-13T11:42:07.877Z", "dateUpdated": "2026-04-29T09:51:58.100Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "pranayama-yoga", "product": "Pranayama Yoga", "vendor": "raratheme", "versions": [{"changes": [{"at": "1.2.3", "status": "unaffected"}], "lessThanOrEqual": "1.2.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:05:00.158Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Pranayama Yoga: from n/a through <= 1.2.2.</p>"}], "value": "Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pranayama Yoga: from n/a through <= 1.2.2."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:51:58.100Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/pranayama-yoga/vulnerability/wordpress-pranayama-yoga-theme-1-2-2-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Pranayama Yoga theme <= 1.2.2 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T20:30:58.471911Z", "id": "CVE-2026-32377", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T20:33:25.040Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32377", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T20:30:58.471911Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T20:30:59.106Z"}}], "cna": {"title": "WordPress Pranayama Yoga theme <= 1.2.2 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "raratheme", "product": "Pranayama Yoga", "versions": [{"status": "affected", "changes": [{"at": "1.2.3", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "<= 1.2.2"}], "packageName": "pranayama-yoga", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-03-13T12:41:11.583Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/pranayama-yoga/vulnerability/wordpress-pranayama-yoga-theme-1-2-2-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pranayama Yoga: from n/a through <= 1.2.2.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Pranayama Yoga: from n/a through <= 1.2.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-13T11:42:07.877Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32377", "state": "PUBLISHED", "dateUpdated": "2026-03-13T20:33:25.040Z", "dateReserved": "2026-03-12T11:10:59.412Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-13T11:42:07.877Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pranayama Yoga: from n/a through <= 1.2.2."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en raratheme Pranayama Yoga pranayama-yoga permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Pranayama Yoga: desde n/a hasta &lt;= 1.2.2."}], "id": "CVE-2026-32377", "lastModified": "2026-04-22T21:30:26.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-13T19:54:52.457", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/pranayama-yoga/vulnerability/wordpress-pranayama-yoga-theme-1-2-2-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.2.2]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[1.2.3,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Pranayama Yoga", "source": "cna", "vendor": "raratheme"}, "product": "pranayama_yoga", "vendor": "raratheme"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-19T16:19:27.797301+00:00", "value": {"mitigation_remediation": ["Check the raratheme website or WordPress repository for an updated Pranayama Yoga theme that addresses the access control issue.", "If an update is not available, temporarily restrict or block access to the theme\u2019s administrative pages using a security plugin or firewall rules until a fix is released.", "Monitor site logs for unauthorized access attempts and review any unusual administrative activity."], "summary": {"action": "Patch", "impact": "Access Control Bypass"}, "threat_synthesis": {"affected_systems": "Affected product: raratheme Pranayama Yoga theme, version 1.2.2 and all earlier releases. No specific patch version is indicated in the CVE source, so every version up to and including 1.2.2 is considered vulnerable.", "description_and_impact": "The vulnerability is a missing authorization flaw (CWE\u2011862) in the raratheme Pranayama Yoga WordPress theme. It allows an attacker to bypass properly configured access controls and gain unauthorized access to protected administrative areas. As a result, the attacker could read, modify, or delete site content and configuration settings that should be restricted, compromising confidentiality, integrity, and potentially availability of the website.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity. The EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in CISA's KEV catalog, implying no known widespread attacks. The likely attack vector is web\u2011based, requiring an attacker to construct and send requests targeting administrative endpoints that lack sufficient authorization checks. No additional exploitation prerequisites are stated in the CVE data."}}}}, "created": "2026-03-16T09:34:32.202187+00:00", "updated": "2026-03-23T12:04:22.126902+00:00", "vendors": ["raratheme", "raratheme$PRODUCT$pranayama_yoga", "wordpress", "wordpress$PRODUCT$wordpress"]}