Description
Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Education Base: from n/a through <= 3.0.8.
Published: 2026-04-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Patch Immediate
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the acmethemes Education Base WordPress theme that allows attackers to bypass intended access controls. The theme lacks proper authorization checks, which corresponds to CWE-862, enabling unauthorized reading, modification, or deletion of theme-related content and compromising a site's confidentiality and integrity.

Affected Systems

WordPress installations that use the acmethemes Education Base theme version 3.0.8 or earlier are vulnerable. All sites deploying any of these versions are at risk until the theme is updated or replaced.

Risk and Exploitability

Based on the description, it is inferred that the attack vector is remote through publicly accessible WordPress URLs that invoke theme functions lacking proper authentication. The CVSS score and EPSS are not available, and the vulnerability is not listed in CISA’s KEV catalog. Despite the absence of explicit metrics, the possibility of unauthenticated exploitation of privileged operations indicates a high risk. Attackers would require minimal effort to discover affected endpoints; however, no public exploits or detailed exploitation instructions have been disclosed.

Generated by OpenCVE AI on April 8, 2026 at 10:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Education Base theme to any version newer than 3.0.8.
  • Verify that the upgrade is successful and that all access controls behave as intended.
  • If an upgrade cannot be applied, replace the theme with a secure alternative or remove it entirely.


Advisories

No advisories yet.

History

Wed, 08 Apr 2026 19:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Acmethemes; Acmethemes education Base; Wordpress; Wordpress wordpress
Vendors & Products | | Acmethemes; Acmethemes education Base; Wordpress; Wordpress wordpress

Wed, 08 Apr 2026 08:45:00 +0000

Type | Values Removed | Values Added
Description | | Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Education Base: from n/a through <= 3.0.8.
Title | | WordPress Education Base theme <= 3.0.8 - Broken Access Control vulnerability
Weaknesses | | CWE-862
References | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-08T08:30:26.564Z

Reserved: 2026-04-07T10:57:27.974Z

Link: CVE-2026-39622

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-08T09:16:32.410

Modified: 2026-04-08T21:26:35.910

Link: CVE-2026-39622

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:41:54Z
