Description
Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nanosoft: from n/a through < 1.3.2.
Published: 2026-03-13
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access (Privilege Escalation)
Action: Patch
AI Analysis

Impact

The vulnerability is a Missing Authorization flaw in the WordPress Nanosoft theme that allows an attacker to perform actions beyond what a legitimate user is allowed. This broken access control can enable an attacker to create, edit, or delete content, or manage other users, thereby compromising the integrity and confidentiality of the website. The weakness is classified as CWE-862, indicating improper authorization checks.

Affected Systems

The affected product is the WordPress Nanosoft theme from linethemes. All versions prior to 1.3.2 (i.e., n/a through < 1.3.2) are affected. Users running those versions should review their installation for potential exploitation paths.

Risk and Exploitability

The CVSS base score is 5.4, indicating a medium severity. The EPSS score is below 1%, suggesting a low likelihood of widespread exploitation at the present time. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector is likely remote via the web interface, but the exact method of exploitation is not detailed in the data.

Generated by OpenCVE AI on March 17, 2026 at 16:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Nanosoft theme to version 1.3.2 or later.

Generated by OpenCVE AI on March 17, 2026 at 16:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Linethemes
Linethemes nanosoft
Wordpress
Wordpress wordpress
Vendors & Products Linethemes
Linethemes nanosoft
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nanosoft: from n/a through < 1.3.2.
Title WordPress Nanosoft theme < 1.3.2 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Linethemes Nanosoft
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:07.530Z

Reserved: 2026-03-12T11:11:09.667Z

Link: CVE-2026-32390

cve-icon Vulnrichment

Updated: 2026-03-16T15:36:46.318Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:54.420

Modified: 2026-03-16T16:16:15.017

Link: CVE-2026-32390

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T12:04:10Z

Weaknesses