Description
Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flipmart: from n/a through <= 2.8.
Published: 2026-04-08
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Broken Access Control
Action: Patch
AI Analysis

Impact

A missing authorization flaw in the CKThemes Flipmart theme allows attackers to perform actions beyond their intended privileges. By exploiting incorrectly configured access control settings, a malicious user could manipulate the WordPress site, potentially modifying or deleting content, theme settings, or other configuration data. The vulnerability is rooted in an authorization deficiency that permits unauthorized execution of privileged functions within the theme.

Affected Systems

WordPress installations that include the CKThemes Flipmart theme at version 2.8 or earlier are affected. The issue impacts sites that have not upgraded beyond the 2.8 release and still rely on the theme’s default configuration.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and the EPSS score is below 1%, suggesting a low probability of exploitation in the wild. The weakness is not currently listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation likely requires an authenticated user or someone who can log in with sufficient privileges, as the flaw stems from improper access control within the theme’s code. Attackers may leverage known user credentials or employ credential stuffing attacks to gain a foothold and then carry out unauthorized actions.

Generated by OpenCVE AI on April 8, 2026 at 14:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Review WordPress user role assignments and ensure that only necessary capabilities are granted to existing accounts

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 19:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Ckthemes; Ckthemes flipmart; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added: Ckthemes; Ckthemes flipmart; Wordpress; Wordpress wordpress

Wed, 08 Apr 2026 13:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}
ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 08:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flipmart: from n/a through <= 2.8.

Type: Title
Values Removed: (none)
Values Added: WordPress Flipmart theme <= 2.8 - Broken Access Control vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-862

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-08T13:07:29.040Z

Reserved: 2026-04-07T10:58:29.177Z

Link: CVE-2026-39716

Vulnrichment

Updated: 2026-04-08T13:04:51.699Z

NVD

Status: Awaiting Analysis

Published: 2026-04-08T09:16:44.663

Modified: 2026-04-08T21:26:13.410

Link: CVE-2026-39716

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:40:00Z
