Description
Missing Authorization vulnerability in raratheme Construction Landing Page construction-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Construction Landing Page: from n/a through <= 1.4.1.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Patch Now
AI Analysis

Impact

The vulnerability is a missing authorization flaw (CWE-862) in the raratheme Construction Landing Page WordPress theme that allows attackers to exploit incorrectly configured access control security levels. This flaw can enable unauthorized users to perform any administrative tasks within the theme’s interface, such as overriding theme configurations, inserting malicious content, or accessing sensitive data stored in the theme settings. The primary impact is loss of integrity, and potentially of confidentiality, of theme data: the flaw does not provide direct code execution but permits unauthorized manipulation of theme functionality.

Affected Systems

Affected vendors: raratheme. Product: Construction Landing Page Theme. All releases from the initial deployment up to and including version 1.4.1 are vulnerable, as documented by the vendor.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity; the EPSS score of less than 1% suggests a low probability of exploitation in the near term. The vulnerability is not listed in the CISA KEV catalog, so it is not known to be actively exploited in the wild. The likely attack vector is the WordPress web interface, targeting the theme’s administrative pages. Because the flaw is a missing authorization check, any user who can reach the theme admin area could potentially exploit it without additional credentials.

Generated by OpenCVE AI on March 19, 2026 at 15:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update raratheme Construction Landing Page to a secure release (>= 1.4.2).
  • If an update is unavailable, disable administrative access to the theme or remove the theme from the WordPress installation.
  • Monitor the site for unauthorized changes to theme settings and review audit logs regularly.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Rarathemes; Rarathemes construction Landing Page; Wordpress; Wordpress wordpress
Vendors & Products | | Rarathemes; Rarathemes construction Landing Page; Wordpress; Wordpress wordpress

Fri, 13 Mar 2026 19:15:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type | Values Removed | Values Added
Description | | Missing Authorization vulnerability in raratheme Construction Landing Page construction-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Construction Landing Page: from n/a through <= 1.4.1.
Title | | WordPress Construction Landing Page theme <= 1.4.1 - Broken Access Control vulnerability
Weaknesses | | CWE-862
References | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:15:54.133Z

Reserved: 2026-03-12T11:10:35.808Z

Link: CVE-2026-32338

Vulnrichment

Updated: 2026-03-13T18:44:32.625Z

NVD

Status: Awaiting Analysis

Published: 2026-03-13T19:54:44.687

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32338

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T09:59:16Z

Weaknesses