Description
Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Food: from n/a through < 2.7.1.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Broken Access Control
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a missing authorization flaw in Ex-Themes WP Food that allows an attacker to exploit incorrectly configured access control security levels. The issue can be classified under CWE-862 and results in unauthorized access to plugin features or data, potentially enabling data disclosure or modification.

Affected Systems

All installations of the WP Food plugin from the earliest releases up to, but not including, version 2.7.1 are affected.

Risk and Exploitability

The CVSS score is 5.3, indicating a moderate severity. The EPSS score is below 1%, suggesting a low probability of exploitation currently. The vulnerability has not been listed in the CISA KEV catalog. Given that it is a broken access control flaw, an attacker would likely need authenticated access to the WordPress site's backend or the plugin's interface, but no special privileges are required beyond that. Because the exploit path is straightforward and the EPSS is low, the overall risk is considered moderate, yet administrators should still remediate promptly.

Generated by OpenCVE AI on March 19, 2026 at 15:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the WP Food plugin to version 2.7.1 or later.
  • Verify that the plugin has been updated to the patched version.
  • If an update is not immediately feasible, restrict access to the plugin’s administrative pages or disable the plugin until a patch can be applied.
  • Monitor site logs for any unauthorized or anomalous activity related to the WP Food plugin.

Generated by OpenCVE AI on March 19, 2026 at 15:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Ex-themes
Ex-themes wp Food
Wordpress
Wordpress wordpress
Vendors & Products Ex-themes
Ex-themes wp Food
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Food: from n/a through < 2.7.1.
Title WordPress WP Food plugin < 2.7.1 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Ex-themes Wp Food
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:17.301Z

Reserved: 2026-03-12T11:11:35.693Z

Link: CVE-2026-32440

cve-icon Vulnrichment

Updated: 2026-03-13T15:39:26.596Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:55:04.473

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32440

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T12:03:24Z

Weaknesses