Description
Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Influencer: from n/a through <= 1.1.7.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The vulnerability exists because the Influencer WordPress theme incorrectly configures access control security levels, allowing users who normally lack certain privileges to perform unauthorized actions. This flaw, identified as CWE-862, can lead to malicious content manipulation and configuration changes on the affected WordPress site.

Affected Systems

The raratheme Influencer WordPress theme is vulnerable in all releases from its earliest version through version 1.1.7 inclusive. Any installation of the theme with a version number less than or equal to 1.1.7 is within scope.

Risk and Exploitability

The CVSS base score of 5.3 denotes medium severity. An EPSS score of less than 1% suggests a low likelihood of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. The description does not specify an attack vector, but based on the nature of the flaw it is inferred that exploitation could occur via the website’s front‑end or back‑end interfaces, targeting users with insufficient privileges.

Generated by OpenCVE AI on March 19, 2026 at 16:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Influencer theme to version 1.1.8 or newer as soon as a patch is available.

Generated by OpenCVE AI on March 19, 2026 at 16:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Raratheme
Raratheme influencer
Wordpress
Wordpress wordpress
Vendors & Products Raratheme
Raratheme influencer
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Influencer: from n/a through <= 1.1.7.
Title WordPress Influencer theme <= 1.1.7 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Raratheme Influencer
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:01.095Z

Reserved: 2026-03-12T11:10:59.411Z

Link: CVE-2026-32370

cve-icon Vulnrichment

Updated: 2026-03-13T18:45:10.174Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:51.350

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32370

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T09:58:48Z

Weaknesses