Skip to main content

Metro Magazine

2 CVEs product

Monthly

CVE-2024-37496 MEDIUM This Month

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels.3.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Metro Magazine
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-40809 MEDIUM This Month

Missing authorization controls in the Metro Magazine WordPress theme by Rara Themes (versions through 1.4.1) expose unauthenticated network attackers to restricted theme actions, yielding partial integrity and availability impact without any credential requirement. Rooted in CWE-862 (Missing Authorization), the flaw reflects a broken access control pattern common in WordPress themes that register AJAX or REST endpoints without validating the caller's privilege level. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; EPSS data was not provided in available intelligence.

Authentication Bypass Metro Magazine
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels.3.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Metro Magazine
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Missing authorization controls in the Metro Magazine WordPress theme by Rara Themes (versions through 1.4.1) expose unauthenticated network attackers to restricted theme actions, yielding partial integrity and availability impact without any credential requirement. Rooted in CWE-862 (Missing Authorization), the flaw reflects a broken access control pattern common in WordPress themes that register AJAX or REST endpoints without validating the caller's privilege level. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; EPSS data was not provided in available intelligence.

Authentication Bypass Metro Magazine
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy