Description
Missing Authorization vulnerability in DevsBlink EduBlink edublink allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EduBlink: from n/a through <= 2.0.7.
Published: 2026-02-19
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access to Sensitive Operations
Action: Apply Patch
AI Analysis

Impact

Missing Authorization in DevsBlink EduBlink theme allows attackers to misuse incorrectly configured access control layers. The weakness enables users without appropriate privileges to reach or manipulate functions that were intended to be restricted, potentially exposing or altering sensitive data or settings.

Affected Systems

The affected product is the DevsBlink EduBlink WordPress theme. All installations running version 2.0.7 or earlier are vulnerable; the risk extends across all environments that use these theme versions, regardless of the website content or hosting provider.

Risk and Exploitability

The CVSS score of 5.3 classifies the flaw as Medium severity, and an EPSS score of less than 1% indicates a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, suggesting no widespread active exploitation is documented. Attackers would likely need to perform a web‑based request that bypasses the theme’s internal access checks, leveraging the broken authorization logic to trigger privileged actions. Since no external authentication module is involved, the vector is mainly internal to the application.

Generated by OpenCVE AI on April 16, 2026 at 00:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade DevsBlink EduBlink theme to version 2.0.8 or later, if available.
  • If an immediate upgrade is not possible, disable the theme or any of its privileged features until a patch can be applied.
  • Perform a code audit of the theme’s administration functions and insert explicit role or capability checks before executing any sensitive operations.



Advisories

No advisories yet.

History

Fri, 20 Feb 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Devsblink; Devsblink edublink; Wordpress; Wordpress wordpress |
| Vendors & Products | | Devsblink; Devsblink edublink; Wordpress; Wordpress wordpress |

Fri, 20 Feb 2026 01:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Thu, 19 Feb 2026 22:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'} |


Thu, 19 Feb 2026 21:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Missing Authorization vulnerability in DevsBlink EduBlink edublink allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EduBlink: from n/a through <= 2.0.7. |
| Title | | WordPress EduBlink theme <= 2.0.7 - Broken Access Control vulnerability |
| Weaknesses | | CWE-862 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:15:01.804Z

Reserved: 2026-02-19T09:51:27.897Z

Link: CVE-2026-27328

Vulnrichment

Updated: 2026-02-19T21:27:59.485Z

NVD

Status: Deferred

Published: 2026-02-19T21:18:32.677

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-27328

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T00:15:18Z

Weaknesses