Description
Missing Authorization vulnerability in WebGeniusLab BigHearts bighearts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BigHearts: from n/a through <= 3.1.14.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Authorization Bypass
Action: Patch
AI Analysis

Impact

A missing authorization vulnerability in the WebGeniusLab BigHearts theme allows attackers to bypass correctly configured access control security levels, giving them unauthorized access to functionalities or data that should be restricted. The weakness is classified as CWE-862. This can lead to unauthorized data exposure or manipulation, compromising the confidentiality, integrity, and availability of the website content.

Affected Systems

All installations of the BigHearts theme from the earliest available version through and including version 3.1.14 are affected. The affected product is the BigHearts theme provided by WebGeniusLab for WordPress sites.

Risk and Exploitability

The CVSS score is 5.3, indicating moderate severity. The EPSS score is reported as less than 1%, suggesting a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack likely requires an authenticated user with limited privileges to exploit missing authorization checks, allowing that user to perform actions beyond their intended scope. The impact is confined to the WordPress site and does not involve remote code execution or system compromise beyond the scope of the site.

Generated by OpenCVE AI on March 19, 2026 at 15:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest BigHearts theme version (3.1.15 or newer).
  • If an update is not immediately available, disable the BigHearts theme until a fix is released or consult WebGeniusLab for a vendor‑specific patch.

Generated by OpenCVE AI on March 19, 2026 at 15:13 UTC.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Webgeniuslab; Webgeniuslab bighearts; Wordpress; Wordpress wordpress |
| Vendors & Products | | Webgeniuslab; Webgeniuslab bighearts; Wordpress; Wordpress wordpress |

Sat, 14 Mar 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Fri, 13 Mar 2026 20:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'} |


Fri, 13 Mar 2026 12:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Missing Authorization vulnerability in WebGeniusLab BigHearts bighearts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BigHearts: from n/a through <= 3.1.14. |
| Title | | WordPress BigHearts theme <= 3.1.14 - Broken Access Control vulnerability |
| Weaknesses | | CWE-862 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:17.078Z

Reserved: 2026-03-12T11:11:35.693Z

Link: CVE-2026-32439

Vulnrichment

Updated: 2026-03-13T18:46:41.589Z

NVD

Status: Awaiting Analysis

Published: 2026-03-13T19:55:04.270

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32439

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T12:03:25Z
