Description
Missing Authorization vulnerability in linethemes GLB glb allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GLB: from n/a through <= 1.2.2.
Published: 2026-03-13
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Broken Access Control
Action: Update Theme
AI Analysis

Impact

This vulnerability involves improper access control checks in the linethemes GLB WordPress theme, classified as CWE-862. Key detail from the CVE description: "Missing Authorization vulnerability in linethemes GLB glb allows Exploiting Incorrectly Configured Access Control Security Levels." The flaw enables an attacker to perform actions normally restricted to authorized users, potentially exposing or modifying site content and settings, thereby compromising data integrity and confidentiality.

Affected Systems

Affected product: linethemes GLB Theme for WordPress. Version range: all releases up to and including 1.2.2. Users operating any version 1.2.2 or earlier are vulnerable.

Risk and Exploitability

The CVSS score of 5.4 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation. It is not listed in the CISA KEV catalogue. The likely attack vector is via the WordPress web interface (HTTP/HTTPS) where an attacker can exploit the missing authorization checks. Based on the description, it is inferred that no additional authentication or environmental prerequisites are required beyond access to the external interface.

Generated by OpenCVE AI on March 19, 2026 at 15:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest GLB theme (version > 1.2.2) to remove the vulnerable component.
  • If no upgrade is available, deactivate or uninstall the GLB theme to eliminate the risk.
  • Verify that WordPress user roles and capabilities are correctly configured to prevent unintended privilege escalation.
  • Monitor site access logs for suspicious activity that may indicate exploitation attempts.
  • Maintain the WordPress core, all plugins, and themes at the latest secure versions to reduce overall attack surface.

Generated by OpenCVE AI on March 19, 2026 at 15:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Linethemes
Linethemes glb
Wordpress
Wordpress wordpress
Vendors & Products Linethemes
Linethemes glb
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in linethemes GLB glb allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GLB: from n/a through <= 1.2.2.
Title WordPress GLB theme <= 1.2.2 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Linethemes Glb
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:07.374Z

Reserved: 2026-03-12T11:11:09.667Z

Link: CVE-2026-32388

cve-icon Vulnrichment

Updated: 2026-03-13T18:56:10.326Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:54.233

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32388

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T12:04:11Z

Weaknesses