Description
Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Lawyer Landing Page: from n/a through <= 1.2.7.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Broken Access Control
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the raratheme Lawyer Landing Page theme for WordPress, allowing attackers to exploit incorrectly configured access control security levels (CWE‑862). This broken access control can let unauthorized users gain access to restricted content or configuration settings within the theme, potentially exposing sensitive information or allowing further compromise of the WordPress site. The CVE description confirms the issue arises from improper validation of user permissions.

Affected Systems

The raratheme Lawyer Landing Page WordPress theme is affected in all versions from the initial release up to and including 1.2.7. Administrators and site owners running version 1.2.7 or older should treat the vulnerability as present.

Risk and Exploitability

The vulnerability has a CVSS score of 5.3, indicating moderate risk. The EPSS score is below 1%, suggesting few exploit attempts observed so far, and it is not listed in the CISA KEV catalog. Attackers could potentially exploit the flaw remotely by interacting with the WordPress site, leveraging the theme’s weaknesses in access control. While the current exploitation likelihood appears low, the moderate severity warrants prompt attention to prevent unauthorized access.

Generated by OpenCVE AI on March 19, 2026 at 15:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Lawyer Landing Page theme to a version newer than 1.2.7
  • Verify that user roles and permissions are correctly configured in WordPress
  • If a newer theme version is not available, consider disabling the theme or removing any privileged functionality it provides
  • Monitor web server logs for suspicious access attempts

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Rarathemes; Rarathemes lawyer Landing Page; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added: Rarathemes; Rarathemes lawyer Landing Page; Wordpress; Wordpress wordpress

Fri, 13 Mar 2026 14:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
  cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}
  ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Lawyer Landing Page: from n/a through <= 1.2.7.

Type: Title
Values Removed: (none)
Values Added: WordPress Lawyer Landing Page theme <= 1.2.7 - Broken Access Control vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-862

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:23.311Z

Reserved: 2026-03-12T11:11:55.348Z

Link: CVE-2026-32487

Vulnrichment

Updated: 2026-03-13T13:51:33.001Z

NVD

Status: Awaiting Analysis

Published: 2026-03-13T19:55:09.110

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32487

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T12:03:02Z

Weaknesses