Description
Missing Authorization vulnerability in raratheme Benevolent benevolent allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Benevolent: from n/a through <= 1.3.9.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access via Broken Access Control
Action: Apply Patch
AI Analysis

Impact

The vulnerability in the Benevolent theme arises from missing authorization checks that enable the exploitation of incorrectly configured access control security levels. As a result, an attacker who gains a user context may perform actions or view content that should be restricted to privileged users. This issue is formally identified as CWE-862, indicating an authorization flaw that can compromise the integrity and confidentiality of the web application.

Affected Systems

The affected product is the raratheme Benevolent theme for WordPress, with all releases from the earliest available version through version 1.3.9 susceptible to this weakness. The precise version range is noted as "from n/a through <= 1.3.9" in the vendor description.

Risk and Exploitability

The CVSS score of 5.3 places this vulnerability in the Medium severity range, while an EPSS score of less than 1% indicates a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, which suggests it has not been actively exploited by known threat actors at the time of reporting. The attack vector is inferred to be remote, via the WordPress front‑end or admin interface, assuming an attacker can host or overwrite theme files or otherwise trigger the missing authorization checks. Successful exploitation would allow an unauthenticated user to access protected areas or perform actions reserved for authenticated administrators.

Generated by OpenCVE AI on March 19, 2026 at 15:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Benevolent theme to the latest published version that corrects the access control issue; if a new release is not yet available, consider removing or disabling the theme until a patch is released.
  • Verify that the updated theme enforces appropriate authorization by attempting to access protected pages as an unprivileged user.
  • Apply WordPress core and plugin updates regularly and implement general hardening practices such as restricting file permissions, using a web application firewall, and monitoring logs for unauthorized activity.


Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Rarathemes; Rarathemes benevolent; Wordpress; Wordpress wordpress
Vendors & Products | | Rarathemes; Rarathemes benevolent; Wordpress; Wordpress wordpress

Fri, 13 Mar 2026 21:15:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type | Values Removed | Values Added
Description | | Missing Authorization vulnerability in raratheme Benevolent benevolent allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Benevolent: from n/a through <= 1.3.9.
Title | | WordPress Benevolent theme <= 1.3.9 - Broken Access Control vulnerability
Weaknesses | | CWE-862
References | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:15:55.193Z

Reserved: 2026-03-12T11:10:35.809Z

Link: CVE-2026-32341

Vulnrichment

Updated: 2026-03-13T20:17:30.662Z

NVD

Status: Awaiting Analysis

Published: 2026-03-13T19:54:45.260

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32341

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T09:59:14Z
