Skip to main content

VW Wedding EUVDEUVD-2026-43395

| CVE-2026-57776 MEDIUM
Missing Authorization (CWE-862)
2026-07-13 Patchstack
5.3
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
vuln.today AI
5.3 MEDIUM

Network-reachable WordPress endpoint with no auth required; impact limited to availability per description and CWE-862 scope, no confidentiality or integrity evidence.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jul 13, 2026 - 11:20 vuln.today

DescriptionCVE.org

Missing Authorization vulnerability in vowelweb VW Wedding vw-wedding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Wedding: from n/a through <= 1.3.7.

AnalysisAI

Broken access control in the VW Wedding WordPress theme (vowelweb) allows unauthenticated remote attackers to exploit incorrectly configured authorization checks, resulting in limited availability impact against affected WordPress installations. All versions through 1.3.7 are affected per the CPE string cpe:2.3:a:vowelweb:vw_wedding. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify WordPress site running VW Wedding theme
Delivery
Locate unprotected theme AJAX or REST endpoint
Exploit
Send unauthenticated HTTP request with crafted parameters
Execution
Bypass missing authorization check
Impact
Trigger restricted operation causing availability impact

Vulnerability AssessmentAI

Exploitation Exploitation requires the target WordPress site to have the VW Wedding theme by vowelweb installed and active in version 1.3.7 or earlier. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 5.3 (Medium) reflects a network-reachable (AV:N), low-complexity (AC:L), unauthenticated (PR:N) vector, but the impact metrics are constrained: no confidentiality loss (C:N), no integrity impact (I:N), and only low availability impact (A:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker identifies a WordPress site running VW Wedding theme version 1.3.7 or earlier - discoverable via HTTP response headers or source inspection - and sends a crafted HTTP request to a theme-registered endpoint that lacks authorization checks. The missing authorization gate allows the request to succeed without credentials, triggering a restricted operation that results in limited availability degradation of the WordPress instance. …
Remediation No specific fixed version is identified in the available data; no exact patch version can be cited from the provided references. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-43395 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy