Description
Missing Authorization vulnerability in raratheme Perfect Portfolio perfect-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Perfect Portfolio: from n/a through <= 1.2.4.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Update Theme
AI Analysis

Impact

The vulnerability is a Missing Authorization flaw that permits exploitation of incorrectly configured access control security levels. This allows an attacker to bypass normal authorization checks and access content or administrative functions that should be restricted. The flaw is identified as CWE-862, indicating that the system fails to verify the identity or permissions of a user before allowing access. Consequently, an attacker could potentially read, modify, or delete content within the WordPress installation, compromising data confidentiality and integrity.

Affected Systems

The affected product is the WordPress theme Perfect Portfolio from raratheme. All releases from the initial version up to and including 1.2.4 are affected. No further granular version information is provided in the vendor or CVE data.

Risk and Exploitability

The CVSS score is 5.3, which reflects a medium severity vulnerability. The EPSS score is less than 1%, indicating a low probability of exploitation in the wild. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector, inferred from the description of a broken access control, is an authenticated user or a user with insufficient privileges that can exploit the theme’s misconfigured permissions to gain unauthorized access. No official patch or workaround is currently available, increasing the risk for unpatched systems.

Generated by OpenCVE AI on March 19, 2026 at 15:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Perfect Portfolio theme to the latest version (greater than 1.2.4) if an update is available.
  • Verify that the theme is up-to-date by checking the theme’s version number in the WordPress dashboard.
  • Review and, if necessary, strengthen user role assignments and permissions within WordPress to ensure least‑privilege access.
  • Monitor WordPress logs for any suspicious content changes or unauthorized access attempts.

Generated by OpenCVE AI on March 19, 2026 at 15:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Rarathemes
Rarathemes perfect Portfolio
Wordpress
Wordpress wordpress
Vendors & Products Rarathemes
Rarathemes perfect Portfolio
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in raratheme Perfect Portfolio perfect-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Perfect Portfolio: from n/a through <= 1.2.4.
Title WordPress Perfect Portfolio theme <= 1.2.4 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Rarathemes Perfect Portfolio
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:15:56.090Z

Reserved: 2026-03-12T11:10:35.809Z

Link: CVE-2026-32345

cve-icon Vulnrichment

Updated: 2026-03-13T20:11:20.315Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:46.087

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32345

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T09:59:10Z

Weaknesses