Description
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team: from n/a through <= 5.0.13.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access via Broken Access Control
Action: Apply Patch
AI Analysis

Impact

The RadiusTheme Team plugin contains a missing authorization flaw that allows an attacker to perform actions beyond the intended access control, enabling unauthorized access or modification of data within the WordPress site. The primary weakness is a missing authorization mechanism (CWE-862). According to the description, exploitation of this vulnerability could result in unauthorized changes but does not guarantee privilege escalation.

Affected Systems

The RadiusTheme Team plugin, version 5.0.13 and earlier, is affected. The vulnerability applies to all releases from the initial version up to and including 5.0.13. No other version details are provided.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. The EPSS score of less than 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector is remote via the WordPress web interface, as the flaw resides in a plugin accessed through HTTP requests. Exploitation would likely require the attacker to interact with the plugin's endpoints, but no authentication escalation beyond plugin-level privileges is explicitly described.

Generated by OpenCVE AI on March 19, 2026 at 15:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the RadiusTheme Team plugin to version 5.0.14 or later
  • If an update is not immediately possible, disable the plugin or restrict its use to trusted administrators
  • Check the vendor's website or support channels for patches and advisories



Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Radiustheme; Radiustheme team; Wordpress; Wordpress wordpress
Vendors & Products | | Radiustheme; Radiustheme team; Wordpress; Wordpress wordpress

Fri, 13 Mar 2026 21:15:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}; ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type | Values Removed | Values Added
Description | | Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team: from n/a through <= 5.0.13.
Title | | WordPress Team plugin <= 5.0.13 - Broken Access Control vulnerability
Weaknesses | | CWE-862
References | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:08.629Z

Reserved: 2026-03-12T11:11:09.668Z

Link: CVE-2026-32396

Vulnrichment

Updated: 2026-03-13T20:27:49.947Z

NVD

Status: Awaiting Analysis

Published: 2026-03-13T19:54:55.320

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32396

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T12:04:05Z
