Description
Missing Authorization vulnerability in raratheme Business One Page business-one-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business One Page: from n/a through <= 1.3.2.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access via Broken Access Control
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a missing authorization issue in the raratheme Business One Page theme (versions up to 1.3.2). It allows an attacker to bypass intended access control and gain unauthorized access to protected functions or data within the WordPress site. The weakness is categorized as CWE-862 (Missing Authorization). If successfully exploited, an attacker could read or modify information that should be restricted, impacting the confidentiality and integrity of the site’s content.

Affected Systems

WordPress installations that have the raratheme Business One Page theme installed with a version number less than or equal to 1.3.2 are affected. The vulnerability applies to all earlier releases through 1.3.2 as indicated in the vendor’s affected list.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity. The EPSS score is below 1 %, suggesting a low likelihood of wild exploitation. The vulnerability is not listed in the CISA KEV catalog. The missing authorization flaw likely requires an attacker to interact with the theme’s interface or API endpoints, presumably via crafted HTTP requests. The probable attack vector is remote through the web, typical of WordPress theme vulnerabilities, but specific exploitation details are not provided in the available description.

Generated by OpenCVE AI on March 19, 2026 at 15:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Business One Page theme to a version newer than 1.3.2 as soon as a patch is available
  • If a newer version is not immediately available, limit theme functionality to users with administrator privileges only
  • Verify that no insecure endpoints or file inclusions remain exposed by the theme
  • Regularly review the site for unauthorized user accounts or unexpected access patterns
  • Check the vendor’s website or support channels for any additional temporary mitigations

Generated by OpenCVE AI on March 19, 2026 at 15:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Rarathemes
Rarathemes business One Page
Wordpress
Wordpress wordpress
Vendors & Products Rarathemes
Rarathemes business One Page
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in raratheme Business One Page business-one-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business One Page: from n/a through <= 1.3.2.
Title WordPress Business One Page theme <= 1.3.2 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Rarathemes Business One Page
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:15:54.807Z

Reserved: 2026-03-12T11:10:35.809Z

Link: CVE-2026-32340

cve-icon Vulnrichment

Updated: 2026-03-13T18:44:38.560Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:45.067

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32340

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T09:59:15Z

Weaknesses