Description
Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ridhi: from n/a through <= 1.1.2.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Broken Access Control
Action: Apply Patch
AI Analysis

Impact

This vulnerability in the Ridhi theme for WordPress is a missing authorization flaw that allows users to perform actions or view data that should be restricted. The weakness is identified as CWE-862 (Missing Authorization). An attacker who can trigger the theme's functionality may gain unauthorized access to administrative features or expose private content.

Affected Systems

The issue affects all releases of the Ridhi theme up to and including version 1.1.2. In particular, any site that has the theme installed with a version <= 1.1.2 is susceptible. The vendor responsible for the theme is raratheme. No sub‑product or OS dependencies are mentioned.

Risk and Exploitability

The CVSS score for this vulnerability is 5.3, indicating a moderate risk level. EPSS is below 1%, suggesting that currently there is a low probability of exploitation in the wild, and the vulnerability is not listed in CISA's KEV catalog. The attack vector is likely web‑based and requires a user that can interact with the theme's interface or URLs. An attacker would need to supply particular input or access routes that bypass the missing authorization checks to successfully exploit the vulnerability.

Generated by OpenCVE AI on March 19, 2026 at 14:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Ridhi theme to a version newer than 1.1.2.
  • If immediate update is not possible, restrict user roles that can access the theme’s privileged features and remove any vulnerable hooks or shortcodes.
  • Verify that authentication and authorization checks are enforced for all theme‑related endpoints.
  • Keep WordPress core and other plugins updated to reduce overall attack surface.

Generated by OpenCVE AI on March 19, 2026 at 14:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Raratheme
Raratheme ridhi
Wordpress
Wordpress wordpress
Vendors & Products Raratheme
Raratheme ridhi
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ridhi: from n/a through <= 1.1.2.
Title WordPress Ridhi theme <= 1.1.2 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Raratheme Ridhi
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:06.333Z

Reserved: 2026-03-12T11:11:04.189Z

Link: CVE-2026-32383

cve-icon Vulnrichment

Updated: 2026-03-13T20:30:32.370Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:53.500

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32383

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T12:04:16Z

Weaknesses