Description
Missing Authorization vulnerability in raratheme App Landing Page app-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects App Landing Page: from n/a through <= 1.2.2.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Access Control Bypass
Action: Apply Patch
AI Analysis

Impact

The vulnerability in the raratheme App Landing Page theme for WordPress is a missing authorization flaw that allows an attacker to bypass standard access control checks. This can enable unauthorized viewing or alteration of content, settings, or other data within the WordPress site. The flaw is classified as CWE-862 – Missing Authorization, and no mention of denial of service or code execution is provided in the description.

Affected Systems

The affected product is raratheme's App Landing Page theme for WordPress. All installations running any version up to and including 1.2.2 are susceptible, while the description does not indicate any specific earlier releases.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. The EPSS score is below 1%, suggesting that large‑scale exploitation is unlikely. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector involves sending crafted HTTP requests to endpoints that lack proper authorization checks, though the CVE data does not explicitly confirm this; this inference is drawn from the mention of incorrectly configured access control security levels.

Generated by OpenCVE AI on March 19, 2026 at 15:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the App Landing Page theme to the latest version (1.2.3 or newer).
  • If an immediate update is not possible, restrict the theme’s page templates or settings to administrators only.

Generated by OpenCVE AI on March 19, 2026 at 15:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Raratheme
Raratheme app Landing Page
Wordpress
Wordpress wordpress
Vendors & Products Raratheme
Raratheme app Landing Page
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in raratheme App Landing Page app-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects App Landing Page: from n/a through <= 1.2.2.
Title WordPress App Landing Page theme <= 1.2.2 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Raratheme App Landing Page
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:05.807Z

Reserved: 2026-03-12T11:11:04.189Z

Link: CVE-2026-32381

cve-icon Vulnrichment

Updated: 2026-03-13T20:30:56.236Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:53.160

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32381

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T12:04:18Z

Weaknesses