Description
Missing Authorization vulnerability in raratheme Rara Academic rara-academic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rara Academic: from n/a through <= 1.2.2.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access/Privilege Escalation
Action: Patch Now
AI Analysis

Impact

The Rara Academic WordPress theme version 1.2.2 and earlier contains a missing authorization flaw where the theme’s administrative interface does not enforce proper access controls, allowing attackers to perform privileged operations that should be restricted to authorized users. This vulnerability can lead to unauthorized content injection, modification, or deletion, compromising the integrity and confidentiality of the site. The weakness aligns with CWE-862, Missing Authorization.

Affected Systems

This issue affects the Rara Academic theme distributed by raratheme, from the earliest available version up through version 1.2.2 inclusive. Any WordPress installation using one of these theme versions is potentially impacted.

Risk and Exploitability

The CVSS score of 5.3 indicates a medium severity risk, and the EPSS score of less than 1% suggests low probability of widespread exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves web-based requests to administrative pages; it is inferred that an attacker may need an authenticated user context to exploit the missing authorization controls, although the description does not explicitly state the requirement for authentication. Given the medium score and low exploit probability, ongoing monitoring and timely patching are advised.

Generated by OpenCVE AI on March 19, 2026 at 14:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Rara Academic theme to the latest available version that implements the missing authorization fix
  • Verify that WordPress user roles and capabilities are configured correctly to enforce least privilege on administrative interfaces
  • If an immediate update is not possible, review and restrict access to sensitive backend endpoints so that only properly privileged users can access them



Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type: First Time appeared
Values Removed: none
Values Added: Raratheme; Raratheme rara Academic; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Removed: none
Values Added: Raratheme; Raratheme rara Academic; Wordpress; Wordpress wordpress

Fri, 13 Mar 2026 21:15:00 +0000

Type: Metrics
Values Removed: none
Values Added:
cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}
ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 13 Mar 2026 12:00:00 +0000

Type: Description
Values Removed: none
Values Added: Missing Authorization vulnerability in raratheme Rara Academic rara-academic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rara Academic: from n/a through <= 1.2.2.

Type: Title
Values Removed: none
Values Added: WordPress Rara Academic theme <= 1.2.2 - Broken Access Control vulnerability

Type: Weaknesses
Values Removed: none
Values Added: CWE-862

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:05.137Z

Reserved: 2026-03-12T11:11:04.189Z

Link: CVE-2026-32379

Vulnrichment

Updated: 2026-03-13T20:30:57.766Z

NVD

Status: Awaiting Analysis

Published: 2026-03-13T19:54:52.800

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32379

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T12:04:20Z

Weaknesses