Description
Missing Authorization vulnerability in raratheme Travel Agency travel-agency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Agency: from n/a through <= 1.5.5.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Broken Access Control
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a Missing Authorization flaw in the raratheme Travel Agency WordPress theme which allows exploitation of incorrectly configured access control security levels. This flaw permits unauthorized access to functionality or data that should be restricted. The weakness is classified as CWE-862.

Affected Systems

This issue affects installations of the Travel Agency theme from raratheme for WordPress with versions from n/a through 1.5.5 inclusive. Any WordPress site that is running version 1.5.5 or earlier is potentially vulnerable.

Risk and Exploitability

With a CVSS score of 5.3 the vulnerability is of moderate severity. The EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog, indicating a low probability of widespread exploitation in the near term. The attack vector is inferred to be web‑based, whereby an attacker can interact with the WordPress site and send crafted requests to areas that are not properly protected due to incorrect access control configuration. No specific exploitation prerequisites are disclosed in the available information.

Generated by OpenCVE AI on March 19, 2026 at 15:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Travel Agency theme to the latest available version (for example 1.5.6 or newer if released).
  • Verify that role‑based access control settings in your WordPress installation are correctly configured to prevent unauthorized access.

Generated by OpenCVE AI on March 19, 2026 at 15:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Rarathemes
Rarathemes travel Agency
Wordpress
Wordpress wordpress
Vendors & Products Rarathemes
Rarathemes travel Agency
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in raratheme Travel Agency travel-agency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Agency: from n/a through <= 1.5.5.
Title WordPress Travel Agency theme <= 1.5.5 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Rarathemes Travel Agency
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:15:56.278Z

Reserved: 2026-03-12T11:10:35.809Z

Link: CVE-2026-32346

cve-icon Vulnrichment

Updated: 2026-03-13T18:44:44.503Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:46.237

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32346

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T09:59:09Z

Weaknesses