Description
Missing Authorization vulnerability in Themeansar Newses allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Newses: from n/a through 2.0.0.77.
Published: 2026-05-25
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CVE identifies a missing authorization flaw in the Themeansar Newses WordPress theme up to version 2.0.0.77 that allows attackers to bypass configured access control checks. This flaw enables unauthorized users to view or modify content that should be protected, or perform privileged operations without proper authentication. The weakness is classified as CWE-862: Missing Authorization.

Affected Systems

The vulnerable component is the Themeansar Newses WordPress theme for all releases up to and including version 2.0.0.77. Users running any earlier or noted version of this theme are potentially affected.

Risk and Exploitability

The CVSS score of 5.4 indicates a medium severity impact. EPSS data is not available, so the exact likelihood of exploitation cannot be quantified. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker with the ability to send crafted requests to the WordPress site—either authenticated or unauthenticated—could exploit the flaw via the theme’s administrative interface or front‑end pages. No additional prerequisites beyond standard WordPress access appear to be required, making the attack vector likely through the application layer.

Generated by OpenCVE AI on May 25, 2026 at 22:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Themeansar Newses theme to a version newer than 2.0.0.77
  • Remove any residual files from the old theme that may still be present in the WordPress installation
  • Review and enforce strict access controls on theme editing functions to prevent unauthorized modification of theme code

Generated by OpenCVE AI on May 25, 2026 at 22:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 26 May 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Themeansar
Themeansar newses
Wordpress
Wordpress wordpress
Vendors & Products Themeansar
Themeansar newses
Wordpress
Wordpress wordpress

Mon, 25 May 2026 21:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Themeansar Newses allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Newses: from n/a through 2.0.0.77.
Title WordPress Newses theme <= 2.0.0.77 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

Subscriptions

Themeansar Newses
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-26T15:19:37.482Z

Reserved: 2026-01-23T12:32:07.880Z

Link: CVE-2026-24586

cve-icon Vulnrichment

Updated: 2026-05-26T15:19:32.976Z

cve-icon NVD

Status : Received

Published: 2026-05-25T22:16:33.003

Modified: 2026-05-25T22:16:33.003

Link: CVE-2026-24586

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T12:59:58Z

Weaknesses