Description
Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects G5Plus April: from n/a through <= 6.8.
Published: 2026-04-08
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Broken Access Control
Action: Assess Impact
AI Analysis

Impact

Due to a missing authorization check in G5Theme G5Plus April, attackers may access or modify functions that are intended to be restricted. The vulnerability facilitates exploitation of incorrectly configured access control security levels, potentially enabling unauthorized content modification or elevation of privileges on a WordPress site. The weakness is categorized as CWE‑862: Missing Authorization.

Affected Systems

The issue affects deployments of the G5Plus April theme for WordPress, versions up to and including 6.8. Admins and users of WordPress sites that have installed this theme are therefore exposed.

Risk and Exploitability

The CVSS rating of 5.3 indicates a medium severity risk. The EPSS score of less than 1% suggests a low probability of widespread exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers are likely to reach the vulnerable code through normal web requests targeting the theme’s administrative interfaces; however, this is inferred from the nature of the missing authorization checks, as the explicit attack vector is not detailed in the description.

Generated by OpenCVE AI on April 8, 2026 at 14:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Identify WordPress installations using G5Plus April version 6.8 or earlier.
  • If an updated theme version is available, apply the upgrade immediately.
  • If an update is not available, restrict access to the theme’s administrative functions using web server rules or plugin hardening controls.
  • Regularly audit site content and user permissions for unauthorized changes.
  • Keep the WordPress core, plugins, and themes updated to the latest secure releases.

Generated by OpenCVE AI on April 8, 2026 at 14:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared G5theme
G5theme g5plus April
Wordpress
Wordpress wordpress
Vendors & Products G5theme
G5theme g5plus April
Wordpress
Wordpress wordpress

Wed, 08 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects G5Plus April: from n/a through <= 6.8.
Title WordPress G5Plus April theme <= 6.8 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

G5theme G5plus April
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-08T13:09:27.163Z

Reserved: 2026-04-07T10:58:29.177Z

Link: CVE-2026-39714

cve-icon Vulnrichment

Updated: 2026-04-08T13:08:31.552Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-08T09:16:44.400

Modified: 2026-04-08T21:26:13.410

Link: CVE-2026-39714

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:40:03Z

Weaknesses