{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32382", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:11:04.189Z", "datePublished": "2026-03-13T11:42:08.933Z", "dateUpdated": "2026-04-29T09:51:58.252Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "digital-download", "product": "Digital Download", "vendor": "raratheme", "versions": [{"changes": [{"at": "1.1.5", "status": "unaffected"}], "lessThanOrEqual": "1.1.4", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:05:06.340Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Digital Download: from n/a through <= 1.1.4.</p>"}], "value": "Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Digital Download: from n/a through <= 1.1.4."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:51:58.252Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/digital-download/vulnerability/wordpress-digital-download-theme-1-1-4-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Digital Download theme <= 1.1.4 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32382", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T18:45:39.738959Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:53:31.950Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32382", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T18:45:39.738959Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:45:40.448Z"}}], "cna": {"title": "WordPress Digital Download theme <= 1.1.4 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "raratheme", "product": "Digital Download", "versions": [{"status": "affected", "changes": [{"at": "1.1.5", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "1.1.4"}], "packageName": "digital-download", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T16:05:06.340Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/digital-download/vulnerability/wordpress-digital-download-theme-1-1-4-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Digital Download: from n/a through <= 1.1.4.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Digital Download: from n/a through <= 1.1.4.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:51:58.252Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32382", "state": "PUBLISHED", "dateUpdated": "2026-04-29T09:51:58.252Z", "dateReserved": "2026-03-12T11:11:04.189Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-13T11:42:08.933Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Digital Download: from n/a through <= 1.1.4."}, {"lang": "es", "value": "Vulnerabilidad por ausencia de autorizaci\u00f3n en raratheme Digital Download digital-download permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Digital Download: desde n/a hasta &lt;= 1.1.4."}], "id": "CVE-2026-32382", "lastModified": "2026-04-22T21:30:26.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-13T19:54:53.307", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/digital-download/vulnerability/wordpress-digital-download-theme-1-1-4-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.1.4]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "1.1.5"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Digital Download", "source": "cna", "vendor": "raratheme"}, "product": "digital_download", "vendor": "raratheme"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-19T14:55:00.485162+00:00", "value": {"mitigation_remediation": ["Update the raratheme Digital Download theme to the latest version (1.1.5 or newer).", "Verify that access control settings for protected media are correctly configured in WordPress after the update."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Access to Protected Content"}, "threat_synthesis": {"affected_systems": "Any WordPress site using the raratheme Digital Download theme up to and including version 1.1.4 is affected. The problem exists from the earliest release (n/a) through version 1.1.4. Updating to a newer, patched version eliminates the flaw.", "description_and_impact": "The vulnerability is a broken access control flaw in the raratheme Digital Download WordPress theme. It allows an attacker to bypass the theme\u2019s incorrectly configured security levels, granting unintended access to protected content. This weakness is identified as CWE-862, representing missing authorization. The impact includes the potential for unauthorized viewing, download, or modification of digital assets that are meant to be restricted.", "risk_and_exploitability": "The CVSS score is 5.3, indicating a medium severity. The EPSS score is less than 1%, and the vulnerability is not listed in the CISA KEV catalog, suggesting lower likelihood of widespread exploitation. Attackers would need to send crafted requests to the theme\u2019s endpoints to exploit the access control bypass. No public exploit or known workaround is documented; therefore, the onus falls on the site administrator to apply the vendor patch to mitigate the risk."}}}}, "created": "2026-03-16T09:34:27.744775+00:00", "updated": "2026-03-23T12:04:17.283419+00:00", "vendors": ["raratheme", "raratheme$PRODUCT$digital_download", "wordpress", "wordpress$PRODUCT$wordpress"]}