{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32390", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:11:09.667Z", "datePublished": "2026-03-13T11:42:10.444Z", "dateUpdated": "2026-04-29T09:51:58.692Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net", "defaultStatus": "unaffected", "packageName": "nanosoft", "product": "Nanosoft", "vendor": "linethemes", "versions": [{"changes": [{"at": "1.3.2", "status": "unaffected"}], "lessThanOrEqual": "1.3.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Phat RiO | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:05:20.490Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Nanosoft: from n/a through < 1.3.2.</p>"}], "value": "Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nanosoft: from n/a through < 1.3.2."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:51:58.692Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/nanosoft/vulnerability/wordpress-nanosoft-theme-1-3-2-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Nanosoft theme < 1.3.2 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T15:37:30.692301Z", "id": "CVE-2026-32390", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T15:38:48.396Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32390", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T15:37:30.692301Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T15:36:46.318Z"}}], "cna": {"title": "WordPress Nanosoft theme < 1.3.2 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Phat RiO | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "linethemes", "product": "Nanosoft", "versions": [{"status": "affected", "changes": [{"at": "1.3.2", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "< 1.3.2"}], "packageName": "nanosoft", "collectionURL": "https://themeforest.net", "defaultStatus": "unaffected"}], "datePublic": "2026-03-13T12:41:13.267Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/nanosoft/vulnerability/wordpress-nanosoft-theme-1-3-2-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nanosoft: from n/a through < 1.3.2.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Nanosoft: from n/a through < 1.3.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-13T11:42:10.444Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32390", "state": "PUBLISHED", "dateUpdated": "2026-03-16T15:38:48.396Z", "dateReserved": "2026-03-12T11:11:09.667Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-13T11:42:10.444Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nanosoft: from n/a through < 1.3.2."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en linethemes Nanosoft nanosoft permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Nanosoft: desde n/a hasta &lt; 1.3.2."}], "id": "CVE-2026-32390", "lastModified": "2026-04-22T21:30:26.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-13T19:54:54.420", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/nanosoft/vulnerability/wordpress-nanosoft-theme-1-3-2-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.3.2)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "1.3.2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Nanosoft", "source": "cna", "vendor": "linethemes"}, "product": "nanosoft", "vendor": "linethemes"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-17T16:11:45.567014+00:00", "value": {"mitigation_remediation": ["Update the Nanosoft theme to version 1.3.2 or later."], "summary": {"action": "Patch", "impact": "Unauthorized Access (Privilege Escalation)"}, "threat_synthesis": {"affected_systems": "The affected product is the WordPress Nanosoft theme from linethemes. All versions prior to 1.3.2 (i.e., n/a through < 1.3.2) are affected. Users running those versions should review their installation for potential exploitation paths.", "description_and_impact": "The vulnerability is a Missing Authorization flaw in the WordPress Nanosoft theme that allows an attacker to perform actions beyond what a legitimate user is allowed. This broken access control can enable an attacker to create, edit, or delete content, or manage other users, thereby compromising the integrity and confidentiality of the website. The weakness is classified as CWE-862, indicating improper authorization checks.", "risk_and_exploitability": "The CVSS base score is 5.4, indicating a medium severity. The EPSS score is below 1%, suggesting a low likelihood of widespread exploitation at the present time. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector is likely remote via the web interface, but the exact method of exploitation is not detailed in the data."}}}}, "created": "2026-03-16T09:34:21.576546+00:00", "updated": "2026-03-23T12:04:10.876385+00:00", "vendors": ["linethemes", "linethemes$PRODUCT$nanosoft", "wordpress", "wordpress$PRODUCT$wordpress"]}