Description
Missing Authorization vulnerability in raratheme Kalon kalon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kalon: from n/a through <= 1.2.9.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Apply Update
AI Analysis

Impact

The vulnerability is a Missing Authorization flaw in the Kalon theme for WordPress, allowing an attacker to access or modify content that should be protected by the theme’s access controls. It is identified as CWE-862 and can lead to unauthorized actions within the site, potentially exposing sensitive data or enabling further compromise.

Affected Systems

Affected vendors and products include the raratheme Kalon theme. All versions from the earliest available through Kalon version 1.2.9 are impacted; the issue is active on any site using Kalon 1.2.9 or earlier.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while the EPSS score of <1% suggests exploitation is currently unlikely. It is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is a web‑based request to the WordPress site that leverages the theme’s incorrect access control settings. No specific exploitation conditions are detailed beyond the missing authorization check.

Generated by OpenCVE AI on March 19, 2026 at 14:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Kalon theme to the latest available version (or a version above 1.2.9).
  • If an update is not yet available, restrict the theme’s usage to trusted administrators only and verify that normal access controls are enforced on all theme‑related pages.
  • Monitor site logs for unauthorized access attempts and promptly apply any future patches once released.

Generated by OpenCVE AI on March 19, 2026 at 14:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Raratheme
Raratheme kalon
Wordpress
Wordpress wordpress
Vendors & Products Raratheme
Raratheme kalon
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in raratheme Kalon kalon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kalon: from n/a through <= 1.2.9.
Title WordPress Kalon theme <= 1.2.9 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Raratheme Kalon
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:03.542Z

Reserved: 2026-03-12T11:10:59.412Z

Link: CVE-2026-32376

cve-icon Vulnrichment

Updated: 2026-03-13T18:45:22.330Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:52.267

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32376

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T12:04:22Z

Weaknesses