Metro Magazine
Monthly
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels.3.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing authorization controls in the Metro Magazine WordPress theme by Rara Themes (versions through 1.4.1) expose unauthenticated network attackers to restricted theme actions, yielding partial integrity and availability impact without any credential requirement. Rooted in CWE-862 (Missing Authorization), the flaw reflects a broken access control pattern common in WordPress themes that register AJAX or REST endpoints without validating the caller's privilege level. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; EPSS data was not provided in available intelligence.
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels.3.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing authorization controls in the Metro Magazine WordPress theme by Rara Themes (versions through 1.4.1) expose unauthenticated network attackers to restricted theme actions, yielding partial integrity and availability impact without any credential requirement. Rooted in CWE-862 (Missing Authorization), the flaw reflects a broken access control pattern common in WordPress themes that register AJAX or REST endpoints without validating the caller's privilege level. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; EPSS data was not provided in available intelligence.