Description
Subscriber Broken Access Control in Werkstatt <= 4.7.2 versions.
Published: 2026-07-02
Score: 4.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Werkstatt theme, in versions 4.7.2 and earlier, contains a broken access control flaw (CWE-862, missing authorization): functionality the theme exposes to logged-in users does not verify that the caller holds an appropriate capability, so a user with the Subscriber role can invoke an action intended for higher-privileged roles. The assigned CVSS vector records a low confidentiality impact and no integrity or availability impact, so the exposure documented here is unauthorized read access to data the theme handles rather than modification of content or settings. The advisory does not name the affected function or endpoint.
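The flaw class on this page, CWE-862, most often appears in a WordPress theme or plugin as an admin-ajax.php handler that relies on the caller being logged in and never checks a capability. The following is an added illustration written for this page; it is not Werkstatt's code, and the action names, the option name `demo_theme_settings` and the script handle `demo-settings` are assumed. The vulnerable handler is shown beside the hardened one.

```php
<?php
/*
 * Added illustration of CWE-862 in a theme AJAX endpoint (not Werkstatt's code).
 * Assumed names: actions demo_export_options_vuln / demo_export_options,
 * option demo_theme_settings, script handle demo-settings.
 */

// --- Vulnerable pattern (missing authorization) --------------------------------
// Registering only a wp_ajax_ hook restricts the endpoint to authenticated users,
// but WordPress performs no capability check of its own. Any logged-in account,
// including a Subscriber, can POST action=demo_export_options_vuln to
// /wp-admin/admin-ajax.php and receive data meant for administrators.
// (Had the theme also registered wp_ajax_nopriv_, even anonymous visitors could
// reach it; this page's CVSS PR:L indicates a login is required.)
function demo_export_options_vulnerable() {
    $settings = get_option( 'demo_theme_settings', array() );
    wp_send_json_success( $settings );
}
add_action( 'wp_ajax_demo_export_options_vuln', 'demo_export_options_vulnerable' );

// --- Hardened pattern ------------------------------------------------------------
function demo_export_options_hardened() {
    // 1. CSRF protection: the request must carry a nonce minted for this action.
    //    On failure check_ajax_referer() terminates the request with HTTP 403.
    //    A nonce is NOT an authorization control: a Subscriber can obtain one from
    //    any page that emits it, so step 2 is still required.
    check_ajax_referer( 'demo_export_options', 'nonce' );

    // 2. Authorization (the missing check in CWE-862): require a capability that
    //    only trusted roles hold. edit_theme_options is granted to Administrators;
    //    Subscriber, Contributor, Author and Editor do not have it by default.
    if ( ! current_user_can( 'edit_theme_options' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient privileges' ), 403 );
    }

    $settings = get_option( 'demo_theme_settings', array() );
    wp_send_json_success( $settings );
}
add_action( 'wp_ajax_demo_export_options', 'demo_export_options_hardened' );

// Mint the nonce on the settings page that issues the request. Assumes a script
// with handle 'demo-settings' has already been registered and enqueued.
function demo_localize_settings_script() {
    wp_localize_script(
        'demo-settings',
        'demoAjax',
        array(
            'url'   => admin_url( 'admin-ajax.php' ),
            'nonce' => wp_create_nonce( 'demo_export_options' ),
        )
    );
}
add_action( 'admin_enqueue_scripts', 'demo_localize_settings_script' );
```

When auditing a theme for this bug class, grep for `add_action( 'wp_ajax_` and `admin_post_` registrations and confirm each callback performs a `current_user_can()` check against a capability the Subscriber role lacks; a handler that only calls `is_user_logged_in()` or only verifies a nonce has the same gap the handler above shows.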

Affected Systems

The vulnerability affects the Fuelthemes Werkstatt theme on WordPress installations running any version up to and including 4.7.2.

Risk and Exploitability

The CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N scores 4.3 (Medium): reachable over the network, low attack complexity, low privileges required (an authenticated Subscriber account), no user interaction, limited confidentiality impact, and no integrity or availability impact. No EPSS score has been published and the CVE is not in the CISA KEV catalog; the SSVC assessment records Exploitation "none", Automatable "no" and Technical Impact "partial", so there is no evidence of exploitation at the time of writing. Any account holding the Subscriber role can exploit the flaw remotely without elevated credentials; on sites that allow open registration, that is any visitor willing to create an account.

Generated by OpenCVE AI on July 2, 2026 at 15:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Werkstatt theme as soon as the vendor publishes a release later than 4.7.2. This page currently records no vendor fix, so confirm from the theme changelog or the Patchstack advisory that a given release addresses this issue rather than assuming the next version number is patched.
  • Until a fixed release is available, deactivate Werkstatt and switch to a theme that is not affected.
  • Do not rely on trimming the Subscriber role: by default it holds only the `read` capability, and the flaw is the theme failing to check capabilities at all, so role changes do not close it. Instead reduce who can hold the role: disable open registration (Settings > General, "Anyone can register", or `wp option update users_can_register 0` with WP-CLI), and review existing Subscriber accounts (`wp user list --role=subscriber`), removing those that are stale or unrecognised.


Advisories

No advisories yet.

History

Thu, 02 Jul 2026 16:30:00 +0000

Metrics, added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 02 Jul 2026 11:30:00 +0000

Description, added: Subscriber Broken Access Control in Werkstatt <= 4.7.2 versions.
Title, added: WordPress Werkstatt theme <= 4.7.2 - Broken Access Control vulnerability
Weaknesses, added: CWE-862
References, added: (not rendered in this extract)
Metrics, added: cvssV3_1
{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-07-02T15:52:52.711Z

Reserved: 2026-06-25T08:03:50.157Z

Link: CVE-2026-57689

Vulnrichment

Updated: 2026-07-02T13:33:25.468Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-02T15:15:03Z

Weaknesses