Cream Blog

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-39648 MEDIUM This Month

Missing authorization in themebeez Cream Blog WordPress theme versions up to 2.1.7 allows unauthenticated remote attackers to bypass access controls and read sensitive information due to incorrectly configured access control security levels. With a CVSS score of 5.3 and EPSS exploitation probability of 0.02% (4th percentile), this represents a low real-world exploitation risk despite the network-accessible attack vector. No public exploit code or active exploitation has been confirmed at the time of analysis.

Authentication Bypass Cream Blog

NVD

CVSS 3.1

5.3

EPSS

0.0%

CVE-2026-39648

EPSS 0% CVSS 5.3

MEDIUM This Month

Missing authorization in themebeez Cream Blog WordPress theme versions up to 2.1.7 allows unauthenticated remote attackers to bypass access controls and read sensitive information due to incorrectly configured access control security levels. With a CVSS score of 5.3 and EPSS exploitation probability of 0.02% (4th percentile), this represents a low real-world exploitation risk despite the network-accessible attack vector. No public exploit code or active exploitation has been confirmed at the time of analysis.

Authentication Bypass Cream Blog

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy