Skip to main content

Biolife EUVDEUVD-2026-20268

| CVE-2026-39624 MEDIUM
Missing Authorization (CWE-862)
2026-04-08 Patchstack
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Apr 15, 2026 - 12:42 vuln.today
CVSS changed
Apr 13, 2026 - 19:37 NVD
5.3 (MEDIUM)
EUVD ID Assigned
Apr 08, 2026 - 08:45 euvd
EUVD-2026-20268
CVE Published
Apr 08, 2026 - 08:30 nvd
N/A

DescriptionCVE.org

Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Biolife: from n/a through <= 3.2.3.

AnalysisAI

Incorrectly configured access control in kutethemes Biolife WordPress theme version 3.2.3 and earlier allows unauthenticated remote attackers to bypass authorization checks and modify content via arbitrary shortcode execution. The vulnerability requires no authentication and can be exploited over the network with low complexity, affecting the integrity of web content served to visitors. EPSS score of 0.02% indicates minimal real-world exploitation probability despite network-accessible attack vector.

Technical ContextAI

The kutethemes Biolife theme implements shortcode functionality in WordPress without proper authorization validation (CWE-862: Missing Authorization). Shortcodes are WordPress's mechanism for embedding dynamic content via simple markup tags. The vulnerability stems from inadequate access control checks when processing these shortcode requests, allowing unauthenticated users to execute shortcodes that should be restricted to administrators or editors. WordPress themes typically filter user input through the do_shortcode() function; improper permission checking before executing shortcode callbacks creates this exposure. The affected component is the theme's shortcode handler logic, which fails to verify user capabilities (administrator, editor, contributor roles) before executing theme-specific shortcodes that can modify or inject content.

RemediationAI

Upgrade kutethemes Biolife theme to version 3.2.4 or later, which includes authorization checks for shortcode execution. Site administrators should navigate to WordPress Dashboard → Appearance → Themes, locate Biolife in the theme list, and select 'Update' if available, or manually download the latest version from the theme vendor and upload via SFTP or WordPress theme upload interface. Until patched, temporarily disable the Biolife theme or replace it with an alternative theme that has been audited for authorization vulnerabilities. Consult the Patchstack advisory (https://patchstack.com/database/Wordpress/Theme/biolife/vulnerability/wordpress-biolife-theme-3-2-3-arbitrary-shortcode-execution-vulnerability) for confirmation of patch availability and any interim guidance from kutethemes.

Share

EUVD-2026-20268 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy