Description
Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Biolife: from n/a through <= 3.2.3.
Published: 2026-04-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary Shortcode Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability in the kutethemes Biolife theme arises from missing authorization controls, which let attackers exploit incorrectly configured access levels. The flaw enables execution of arbitrary WordPress shortcodes, which can be leveraged to insert malicious code or content into a site’s output. The weakness is classified as Missing Authorization (CWE‑862). In effect, an attacker can potentially run any shortcode they supply, leading to unauthorized code execution and significant compromise of content and site integrity.

Affected Systems

The affected product is the Biolife WordPress theme from kutethemes. All releases from the initial version through 3.2.3 are susceptible. Users running any of these versions on a WordPress installation are at risk, regardless of site size or audience.

Risk and Exploitability

Given the lack of publicly available CVSS and EPSS scores, the risk can be inferred to be high, as the flaw permits code execution without authentication. The vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed exploitation yet, but the potential impact remains severe. The likely attack vector involves an adversary gaining the ability to inject or modify shortcodes via the theme’s interfaces, or by manipulating input that triggers shortcode processing. Exploitation requires no special privileges and can be performed by anyone who can reach a site running the vulnerable theme.

Generated by OpenCVE AI on April 8, 2026 at 09:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Biolife theme to a version newer than 3.2.3.
  • If an upgrade is not immediately possible, disable the execution of shortcodes on the site or restrict shortcode usage to trusted users via a restriction plugin.
  • Ensure that role‑based access controls are correctly configured so that only authorized administrators can edit content that includes shortcodes.
  • Monitor site logs for unexpected shortcode usage or error messages that could indicate exploitation attempts.
  • Check the theme developer’s website or support channels for additional security advisories or temporary fixes.

Tracking


Advisories

No advisories yet.

History

Wed, 08 Apr 2026 19:45:00 +0000

Type                  Values Removed   Values Added
First Time appeared   (none)           Kutethemes; Kutethemes biolife; Wordpress; Wordpress wordpress
Vendors & Products    (none)           Kutethemes; Kutethemes biolife; Wordpress; Wordpress wordpress

Wed, 08 Apr 2026 08:45:00 +0000

Type          Values Removed   Values Added
Description   (none)           Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Biolife: from n/a through <= 3.2.3.
Title         (none)           WordPress Biolife theme <= 3.2.3 - Arbitrary Shortcode Execution vulnerability
Weaknesses    (none)           CWE-862
References    (none)           (none)

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-08T08:30:27.029Z

Reserved: 2026-04-07T10:57:36.650Z

Link: CVE-2026-39624

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-08T09:16:32.673

Modified: 2026-04-08T21:26:35.910

Link: CVE-2026-39624

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:41:51Z

Weaknesses