Skip to main content

EduMall Theme EUVDEUVD-2026-43413

| CVE-2026-57797 MEDIUM
Missing Authorization (CWE-862)
2026-07-13 Patchstack
4.3
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
vuln.today AI
4.3 MEDIUM

Network-exploitable but requires authenticated low-privileged account; impact is limited to low availability with no confidentiality or integrity consequence per description.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jul 13, 2026 - 11:18 vuln.today

DescriptionCVE.org

Missing Authorization vulnerability in ThemeMove EduMall edumall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduMall: from n/a through <= 4.5.1.

AnalysisAI

Broken access control in ThemeMove's EduMall WordPress theme (versions through 4.5.1) permits authenticated low-privileged users to invoke restricted functionality without proper authorization checks. An attacker with any valid WordPress account can bypass the intended access control tiers and trigger actions that degrade site availability. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged WordPress account
Delivery
Identify EduMall AJAX or REST endpoint lacking capability check
Exploit
Send authenticated crafted HTTP request
Execution
Bypass missing authorization gate
Persist
Trigger restricted theme action
Impact
Cause low-level availability degradation

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to hold at minimum a low-privileged WordPress account on the target site (PR:L per CVSS). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS base score of 4.3 (Medium) is consistent with the impact profile: no confidentiality or integrity loss, and only low availability degradation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker registers a free account on a WordPress site running EduMall (or uses existing credentials as a student/subscriber), then crafts an authenticated HTTP POST request directly to an EduMall-registered AJAX handler or REST endpoint that lacks a capability check. Because the missing authorization gate is never enforced, the request executes a privileged action - such as triggering a bulk operation or clearing a cache - that degrades site responsiveness for other users.
Remediation Update EduMall to a version released after 4.5.1; no specific patched version number is confirmed in the available data, so administrators should check the ThemeForest changelog or the Patchstack advisory at https://patchstack.com/database/Wordpress/Theme/edumall/vulnerability/wordpress-edumall-theme-4-5-0-broken-access-control-vulnerability for the exact fix version before upgrading. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-43413 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy